Reputation: 19218
In an AzDO project, I want to deny the group "all", which consists of 100 members, the right to contribute to the master branch. However, 3 developers, who are also members of "all", should be allowed to contribute.
Unfortunately, it seems "deny" always trumps "allow", so it seems I would have to create an extra 97-member group "all minus master contributors".
Creating such a group would be a royal pain just for a single project, but such groups would have to be created for every project in the organization. (The "all" group, in contrast, is managed organization-wide and can be shared between all projects.)
Is there an easy way to accomplish what I want?
Upvotes: 2
Views: 2641
Reputation: 41545
You can't override the "Deny" permissions. But if they have "Not set" permissions, they will not be able to push to master; they should have "Allow" for this.
But if you want to prevent users from pushing to master, the best way is to use Branch Policies instead of using the Deny permission.
For the 3 users you want to allow to push to master, you can give "Bypass policies when pushing" permissions.
Upvotes: 3
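A simplified model of the rule described in the answer above, added here as an illustration; it is not Azure DevOps code and not the answerer's. It assumes a single security scope with no inheritance between project, repository and branch, a made-up bit value for Contribute, and constructed user names `dev001` to `dev100`.

```python
from dataclasses import dataclass

CONTRIBUTE = 0x4  # assumed bit value for "Contribute"; illustration only


@dataclass(frozen=True)
class Ace:
    """One access-control entry: allow and deny bitmasks for a subject."""
    allow: int = 0
    deny: int = 0


# Constructed sample data: 100 users, all members of the group "all".
USERS = [f"dev{n:03d}" for n in range(1, 101)]
MAINTAINERS = USERS[:3]  # the three developers who should push to master
MEMBERSHIPS = {user: {"all"} for user in USERS}


def effective(user, acl, bit=CONTRIBUTE):
    """Combine the user's own entry with those of the user's groups."""
    allow = deny = 0
    for subject in {user} | MEMBERSHIPS.get(user, set()):
        ace = acl.get(subject, Ace())
        allow |= ace.allow
        deny |= ace.deny
    if deny & bit:
        return "Deny"      # any Deny, direct or via a group, wins
    if allow & bit:
        return "Allow"
    return "Not set"       # no entry at all: the user is not permitted


def pushers(acl):
    """Users whose effective Contribute permission is Allow."""
    return [u for u in USERS if effective(u, acl) == "Allow"]


# Scenario from the question: Deny on "all", Allow on the three users.
DENY_ON_ALL = {"all": Ace(deny=CONTRIBUTE),
               **{u: Ace(allow=CONTRIBUTE) for u in MAINTAINERS}}

# Scenario from this answer: "all" left at Not set, Allow on the three.
NOT_SET_ON_ALL = {u: Ace(allow=CONTRIBUTE) for u in MAINTAINERS}

if __name__ == "__main__":
    print("Deny on all   :", pushers(DENY_ON_ALL))
    print("Not set on all:", pushers(NOT_SET_ON_ALL))
```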
Reputation: 8298
Steps:
1. Open org settings -> Permissions -> create group A and add 100 members.
2. Open project settings -> click the Permissions tab (all-repo permissions) -> add group A and set the Contribute permission to Deny.
3. Open the repo -> click the Permissions tab (single-repo permissions) -> enter the user accounts (3 users) and change their personal Contribute permission to Allow.

Then the 3 users can update the repo.
Upvotes: -1