# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
Expected Behavior
Providers docs specify that "Permissions can be assigned to group principals and not to single user principals."
Actual Behavior
But in my testing it is possible to assign permissions to single user principals using their descriptor.
I assigned some permissions to git repositories and build definitions to the Project Build Service account. After I run Terraform the permission changes are reflected in the AZ DevOps portal GUI.
I tried only the two mentioned permission resources and have not yet tested whether the permissions only
visually appear to be set in the portal GUI or are really assign to the Project Build Service account and the account can use them when running pipelines. (I will update the post when I do test this)
I conclusion I would like to know whether the docs are incorrect/possibly obsolete and we can use this feature to assign permissions to single user principals or if this only seems to be working but there is some unwanted behavior when assigning to single user principals.
@Jaroslav24 As code and new features are continually added to these resources, this documentation may become out-of-date. Will check the features and documents
Community Note
Terraform (and Azure DevOps Provider) Version
Affected Resource(s)
azuredevops_git_permissions, azuredevops_build_definition_permissions
Terraform Configuration Files
Expected Behavior
Providers docs specify that "Permissions can be assigned to group principals and not to single user principals."
Actual Behavior
But in my testing it is possible to assign permissions to single user principals using their descriptor. I assigned some permissions to git repositories and build definitions to the Project Build Service account. After I run Terraform the permission changes are reflected in the AZ DevOps portal GUI.
I tried only the two mentioned permission resources and have not yet tested whether the permissions only visually appear to be set in the portal GUI or are really assign to the Project Build Service account and the account can use them when running pipelines. (I will update the post when I do test this)
I conclusion I would like to know whether the docs are incorrect/possibly obsolete and we can use this feature to assign permissions to single user principals or if this only seems to be working but there is some unwanted behavior when assigning to single user principals.
0000