Permission resources can assign to single user principals.

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

azuredevops_git_permissions, azuredevops_build_definition_permissions

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Expected Behavior

Providers docs specify that "Permissions can be assigned to group principals and not to single user principals."

Actual Behavior

But in my testing it is possible to assign permissions to single user principals using their descriptor. I assigned some permissions to git repositories and build definitions to the Project Build Service account. After I run Terraform the permission changes are reflected in the AZ DevOps portal GUI.

I tried only the two mentioned permission resources and have not yet tested whether the permissions only visually appear to be set in the portal GUI or are really assign to the Project Build Service account and the account can use them when running pipelines. (I will update the post when I do test this)

I conclusion I would like to know whether the docs are incorrect/possibly obsolete and we can use this feature to assign permissions to single user principals or if this only seems to be working but there is some unwanted behavior when assigning to single user principals.

0000

microsoft / terraform-provider-azuredevops