Azure DevOps: Set Git branch permission for all repos in all projects

Question

Is there a way to set the "Force Push" permission for a group in Azure DevOps for all current and future branches in all current and future repos and projects?

We currently have about 50 projects with one repo and several branches each and it would be a lot of manual work and error prone to set the permission in every single branch for every repository.

Answer 1

You can set the permissions in Repositories for multiple projects in batches through this rest API.

POST https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?api-version=5.0

The "Force Push" permission previously in the UI for Not set was changed to Allow.

Answer 2

Jesse Houwing wrote recently an article about it, in short, you can use tfssecurity command to apply git permissions for all repositories in all projects:

tfssecurity /a+ "Git Repositories" repoV2/ "ForcePush" adm: ALLOW /collection:https://dev.azure.com/{organization}

Explanation:

/a+ - Add (a+) or Remove (a-) this permissions.

Git Repositories - The Security Namespace

repoV2 - The token for organization level

ForcePush - The Permissions we want to set

adm: - The Group (in this case "Project Collection Administrators")

ALLOW - Allow or Deny the permission

I recommend to take a look in the article to see how he found it.

More info about tfssecurity tool you can find here.

Answer 3

If you navigate to the project settings, then select Repositories in the left pane, you can select the Git repositories root in the tree view. Any permission explicitly defined here is inherited by all existing and new repositories and branches: