Azure devops, how to I find all users and groups who have permission to delete a repository?
Question
Well one way could be to go to the project setting and then click repository and then
- check all the groups it has,
- Read into each group and identify the ones have access to delete repository
- Then go into that that group and find members
- if member is user: store/list/write-down (may be in excel)
- else if member is group, go recursively inside it to find all users it may have
But that's quite a manual process. I am looking for a azure CLI or rest api on which I can query and it gives me back the results. Something like SQL: find all users on repository=xyz where permission=delete
The intent is to create a periodic audit process.
1 answers
solution1
1 2019-11-21 08:09:42
But that's quite a manual process. I am looking for a azure CLI or rest api on which I can query and it gives me back the results.
I am afraid we could not achieve it by rest api at this moment.
That because there is no such REST API to set version control permissions (including git repo). There is a user voice about it on our main forum for product suggestions:
Set version control permissions by REST API
You could vote and add your comments for this feedback. When there are enough communities vote and add comments for this feedback, the product team member will take this feedback seriously.
Even if we have that API, there is still a long way to go to complete it. First, we need to traverse all the eligible groups and users according to the condition Delete repository=Allow , then filter the groups from the result of the traversal, and call the API according to the filtered group ID to get the users in the group. Last, we still have to merge those duplicate user names. So, this should be a long way to do it.
Hope this helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.