How to setup Azure DevOps Repo Read Only Access

Question

Objective: Allow different clients access to only read/pull from my private repo.

Overview: Listed are the different options that I am aware of:

• I could invite the clients and give them access to the Basic access level but do know what to have to pay for different users just to read/clone from the repo.
• I could create a single user with Basic access level and then create git access tokens for them individually. However, I did not see a way to restrict the access tokens to be project/repo specific. Instead, the access tokens create had the same privileges as the created user.

Question: What is the best practice to provide access to an external user to only access the private Azure DevOps repo?

Note: I have seen this link and did not know if there were other options.

Answer 1

To make the user only have read access to all repos in one project:

You may consider making the user a reader instead of contributor or Project Administrators, so the user can have only read access to the repos in one project.

Organization Settings=>Users(General)=>Manage user=> select Project reader.

More details about project readers you can check this document.

To make the user only have read access to one special repos in one project:

We can control related permissions from Project Settings=>Repositories(Repos)=>Version Control Administrators:

Hope all above helps :)