Reputation: 30198
Git Repository Security in VS Team Services
I need help understanding how to set various permissions on VSTS repositories.
Specifically:
1) I forked one of my VSTS repositories, both in the same VSTS account and Team Project (instructions here: http://www.woodcp.com/2014/01/how-to-fork-git-repositories-on-visual-studio-online/)
2) I have 3 classes of users: a) my self, account admin, I obviously need complete access to all repos b) my devs, I only want those to have read and pull request ability on one of the forked repos, I don't even want them to see the other one c) product owners, really, all I want them to be able to do is see and edit the Work Backlog. They don't need to see any of the code, and it would be amazing if they didn't have to use one of the TFS user slots
I realize that maybe Stack Overflow isn't the greatest place for this question, but is Server Fault any better? I would love some help doing this and I find the VS Team Services security UI confusing. Maybe a link to a great write up on how to do this?
Upvotes: 1
Views: 552
Answers (2)
Reputation: 33698
You can refer to these steps to set permission:
- Add users (devs and product owners) to your VSTS (https://XXX.visualstudio.com/_user)
- Go to your Git team project admin page and select version control (https://XXX.visualstudio.com/[teamproject]/_admin/_versioncontrol)
- Select a repository
- In Security page, click Add > Add user to add your devs members
- Grant devs users Contribute and Read permission (per to your detail requirement)
- Go to Work admin page (Click Work)
- Select Areas
- Right click an area > Security
- Click Add > Add User to add your product owners members
- Grant these users Edit work items in this node and view work items in this node permission
More information about permission, you can refer to this article: Permissions and groups defined for Team Services and TFS
Upvotes: 2
Reputation: 23434
Ok, you have a number of things going on here, let me try to answer each one.
Product Owners
Product owners need the ability not just to edit work items, but also to re order in the backlog. This feature, among other Product Owner orientated features are in the Basic licence.
Why can't Product Owners look at the code? I am not saying they understand, or that it is valuable to have them do so... However they own it. Why hide it.
If you do want to restrict access to code you can go change the default behaviour of the Git or TFVC repos on the Version Control tab in the admin section. The root controls the inheritied defaults.
Development Team
Why not just use branches and prevent access to Master using Branch Policies? That seams like a much simpler solution and would remove many of the configuration that you are struggling with. Forking on GitHub is also not a recommended practice for actual project contributors, but instead a feature to allow random folks you dont know to contribute.
I would put them in the Contributor security group (adding them to a Team does this by default) and use Branch Policies to protect Master and have you approve all pull requests.
Conclusion
You should be a Project Admin and all the members of your Scrum Team (PO + Development Team) should be set as members of the Team in VSTS, which will make them contributes.
Upvotes: 0
Related Questions
- Azure DevOps and private git repository
- How Git source Control security works?
- How to ensure that Visual Studio Online Git Repository is private?
- Visual Studio Team Services - Git Repo credentials
- How to restrict user access to a particular Git repository in VSTS?
- Protecting a git branch in Visual Studio Team Services
- Visual Studio Team Services - Code repository privacy
- Restrict Visual Studio Online Git Permissions by repo
- Protect Git branch in Visual Studio Team Services like in GitHub
- No security on TFS+Git Service?