Reputation: 41
How to block user from accessing git repo on Visual Studio Online
Background
I'm looking to segment a git repository and hire help for it. I know that Visual Studio Online (VSO) is treated as on default project and that a user can see all global users, and perhaps some other details so I wanted to test what else a user can do.
It seems that after a workspace is setup, even if a user is removed entirely from a project they have ongoing access to the project! This doesn't make sense there must be a setting I'm missing, but the user isn't even a part of the project and is still able to commit code to it!
So this user have no access to either Project 1 or Project 2, but is on a desktop which has a local clone of the git.
Still able to make commits:
So I thought, I must be missing something. This is a test user, maybe my Visual Studio/git is signed in with a user that has access, but no this wasn't the case:
Evening looking at the project on VSO it is Private, and the user is NOT in the members list:
What this seems to suggest is if you hired a temporary freelancer to work on your VSO hosted git project, you can't remove them? This can't be right, but I don't know what more to check. In the project's security tab user "Thomas Tiveron" doesn't even exist to block or deny access to.
How do you remove a user's access to the remote repository?
Upvotes: 1
Views: 290
Answers (2)
Reputation: 38136
If you deselect the projects by managing projets for the user, he/she can not access to the projects.
For your situation Thomas Tiveron can not acess to Project 1 and Project 2. And you can double check to access Project 1/Project 2 with Thomas Tiveron's credential, it should show 401 not authorized.
While for the reason why Thomas Tiveron can commit and push changes via VS, it's mainly caused that Project 1/Project 2 has been connected not only with Thomas Tiveron's credential, but also connected with other user's credential who still can access to Project 1/Project 2.
To make things earier, please clean the credential for the VSTS account in the local machinbe, then test again. Detail steps as below:
In Credential Manager -> Windows Credentials -> Generic Credentials -> remove credential for you VSTS account.
Now you can grant premission for Thomas Tiveron to access Project 1 and Project 2, and push changes by entering Thomas Tiveron's credential (not using other users' credential). Then deselect Project 1 and Project 2, and push again. Now VS will stop the user Thomas Tiveron to push changes to Project 1/Project 2.
Upvotes: 1
Reputation: 9258
As git is distributed, the user, even when remote access is removed, still has the clone at their local storage, and can commit there, but should not be able to push or fetch. I believe your 2nd screenshot shows the local commits, if all went correct. Also, if you login as a user who has access, and then push the commits made by user who does not have the access, they would be shown in remote UI as committed by that user.
Upvotes: 0
Related Questions
- How can I restrict a user permission to contribute in only one repository in AzureDevOps
- Azure DevOps - deny access to repo
- Azure devops, how to deny access to all but one repo to a new team
- How to restrict repos access by user
- How to ensure that Visual Studio Online Git Repository is private?
- How to restrict user access to a particular Git repository in VSTS?
- Git Repository Security in VS Team Services
- Restrict Visual Studio Online Git Permissions by repo
- Protect Git branch in Visual Studio Team Services like in GitHub
- How can I allow only certain people to commit in Visual Studio Online?