Open PrometheusRising1 opened 4 years ago
Should reference this document: https://docs.microsoft.com/en-us/azure/devops/server/admin/service-accounts-dependencies?view=azure-devops
Every regulated industry will require that their team at least validates least-privilege requirements after installation. Those who are using Azure DevOps Server (rather than the Azure service directly) are often working in regulated industries. Any document that goes through install should at least reference least-privilege documentation somewhere in the main installation article with a link.
Can you add to this document regarding least-privilege necessary for the service accounts and user accounts that access SQL Server for Azure DevOps Server (e.g. "The domain account that reaches into SQL Server from Azure DevOps requires backup_admin server permissions and db_reader and db_writer on the database" - or whatever the case may be.)
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.