Tuesday, May 12, 2020

Create common group which can access all team projects in Azure DevOps


Depending on organizational structure and security requirements, some organisations need a common security group with at least read access to all projects. This might be for management monitoring or for some security purpose.
To create such a group, you first need to be a collection admin of the organization. Now create a new group in Azure DevOps at the collection level with the basic inherited permissions. Here I have created a group with the name “Allprojectaccessgroup”.


























Now add the people who need read permission to all the projects of your organisation to this group.

The next step is to create a group rule. For this you need to go to the Users tab at the organization level.





Select add group rule and add the collection level group to it.

















From the projects dropdown, select the projects to which you need to add this group. If you want to add it to all projects, select “All”.
Once you have selected the projects, save it. Now wait for a moment and check that the group rule is listed under the group rule tab. Select “Manage group rule” from the menu options.







While managing the group rule, you can assign it to the required group and set the access level:















You can select “Project Readers” for all the projects and save it.

If we open a project's “Readers” security group, we can see that this collection group has been added to the project.











From here on, for every new project we create, we either have to select it manually under manage rules at the group rule level, or automate the update of the group rule. The easiest way is to create automated scripts that use the APIs to update the group rule, and to run them on a schedule. We have scheduled our script to execute once every day, so that any project created will have the new group added on the same day. I will put the code soon in my GitHub repository.
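As an added illustration of that daily job (not the author's script), the Python sketch below works out which projects the group rule is still missing and builds the JSON Patch body that would add them as Readers; it also reports any project where the rule grants more than read access. The endpoint URLs and response shapes in the comments are assumptions based on the Azure DevOps projects and group entitlements REST APIs, and the sample data is constructed.

```python
import json

# Assumed Azure DevOps REST shapes (not taken from the post):
#   GET   https://dev.azure.com/{org}/_apis/projects                -> {"value": [{"id", "name"}]}
#   GET   https://vsaex.dev.azure.com/{org}/_apis/groupentitlements -> rules with "projectEntitlements"
#   PATCH https://vsaex.dev.azure.com/{org}/_apis/groupentitlements/{ruleId}
#         Content-Type: application/json-patch+json, body = ops from plan_rule_update()

READER = "projectReader"

def plan_rule_update(projects, rule):
    """Return (patch_ops, drift) for one group rule.

    patch_ops: JSON Patch operations adding Readers access to projects the rule lacks.
    drift:     (project name, group type) pairs where the rule grants more than Readers.
    """
    granted = {}
    for ent in rule.get("projectEntitlements", []):
        granted[ent["projectRef"]["id"]] = ent["group"]["groupType"]

    patch_ops, drift = [], []
    for proj in sorted(projects["value"], key=lambda p: p["name"].lower()):
        current = granted.get(proj["id"])
        if current is None:
            patch_ops.append({
                "from": "", "op": "add", "path": "/projectEntitlements",
                "value": {"projectRef": {"id": proj["id"]},
                          "group": {"groupType": READER}},
            })
        elif current != READER:
            # A read-only group holding write/admin rights: report it, do not auto-fix.
            drift.append((proj["name"], current))
    return patch_ops, drift

# Constructed sample responses (placeholder ids, not real data).
SAMPLE_PROJECTS = {"count": 3, "value": [
    {"id": "00000000-0000-0000-0000-000000000001", "name": "Billing"},
    {"id": "00000000-0000-0000-0000-000000000002", "name": "Portal"},
    {"id": "00000000-0000-0000-0000-000000000003", "name": "NewProject"},
]}
SAMPLE_RULE = {"id": "rule-placeholder", "projectEntitlements": [
    {"projectRef": {"id": "00000000-0000-0000-0000-000000000001"},
     "group": {"groupType": "projectReader"}},
    {"projectRef": {"id": "00000000-0000-0000-0000-000000000002"},
     "group": {"groupType": "projectContributor"}},
]}

if __name__ == "__main__":
    ops, drift = plan_rule_update(SAMPLE_PROJECTS, SAMPLE_RULE)
    print(json.dumps(ops, indent=2))
    print("drift:", drift)
```

Run the job with a token scoped only to what the rule update needs, and review the drift list rather than correcting it automatically, since a higher grant may have been made deliberately.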

Hope this works for you!
