Azure DevOps:如何仅限制对板的权限?
[英]Azure DevOps: How to restrict permissions to boards only?
问题描述
I want to add a guest account to my Azure Active Directoy and give it access to an Azure DevOps project.
我想向我的 Azure Active Directory 添加一个来宾帐户并授予它访问 Azure DevOps 项目的权限。 Inside the project the guest should only be allowed to create, edit and delete work items.在项目内部,应该只允许来宾创建、编辑和删除工作项。 Basically all the features on boards except administrative work.除了行政工作之外,基本上所有的功能都在板上。 All other features of DevOps should be restricted. DevOps 的所有其他功能都应该受到限制。
The problem is, that I can't find a way to create a new group which fits my requirements.问题是,我找不到创建符合我要求的新组的方法。 As soon as a user should be able to create work items he must be member of the default "Contributor" group.一旦用户应该能够创建工作项,他就必须是默认“贡献者”组的成员。 But then he can also create environments for example because there is no way to deny permissions regarding environments inside self defined groups.但是他也可以创建环境,例如,因为无法拒绝有关自定义组内环境的权限。
Does anybody have an idea how to restrict permissions for a user or a group to only the mentioned board related features?有没有人知道如何将用户或组的权限限制为仅提及与板相关的功能?
Thanks in advance提前致谢
1 个解决方案
解决方案1
1 已采纳 2020-09-30 03:07:29
Does anybody have an idea how to restrict permissions for a user or a group to only the mentioned board related features?
Indeed, there is no such group which fits your requirements directly.事实上,没有这样的组可以直接满足您的要求。
As workaround, we could create a new group as member of the Contributors group:作为解决方法,我们可以创建一个新组作为Contributors组的成员:
we add this new created group as Reader in the Security of Environments:我们将这个新创建的组添加为环境安全中的Reader :
Then add this new created group to other modules that need to be restricted with same principle.然后将这个新创建的组添加到其他需要以相同原则进行限制的模块中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.