Reputation: 33417
How to get subject id of Build Service
I am trying to configure permission in Azure DevOps using az devops cli following this answer (Assigning group permissions using to Azure DevOps CLI).
I successes update Force Push to Allow For Contributors group, using this command line:
az devops security permission update `
--id $namespaceId `
--subject $subject `
--token "$repoV2" `
--allow-bit $bit `
--merge true `
--org https://dev.azure.com/$org/
I extracted subject id by this command:
$subject = az devops security group list `
--org "https://dev.azure.com/$org/" `
--scope organization `
--subject-types vssgp `
--query "graphGroups[[email protected] == 'ForcePush'].descriptor | [0]"
Now I want to do give Contribute (GenericContribute) to ProjectName Build Service (organization), (note: with red question mark in image). It is neither a user nor group, even thus it is under users category. How can I change permission for this using command line?
Note: It will be fine for me if the solution either az devops cli, rest api or graphs api.
Upvotes: 1
Views: 1702
Answers (2)
Reputation: 141
To get the organization Id dynamically you just have to retrieve the value of the System.CollectionId variable as following:
$orgId = $(System.CollectionId)
Documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#system-variables-devops-services
Upvotes: 1
Reputation: 7196
Update:
Original Answer:
Refer to this official document so that we will know the namespace id:
namespace id in your situation is: '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87'
How to achieve your requirements:
Just Send API call to this:
https://dev.azure.com/<Organization Name>/_apis/AccessControlEntries/2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87
Request Method:
POST
Request Body:
{
"token": "repoV2/<Project ID>/<repo ID>/",
"merge": true,
"accessControlEntries": [
{
"descriptor": "Microsoft.TeamFoundation.ServiceIdentity;<Organization ID>:Build:<Project ID>",
"allow": 4,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 4,
"effectiveDeny": 0,
"inheritedAllow": 4,
"inheritedDeny": 0
}
}
]
}
How to get the above IDs:
1, Organization ID.
I will suggest a simple method here(Of course you can try to use API to get it):
Turn on the browser, press F12 to turn on the debug mode and then go to this place:
https://dev.azure.com/<Organization Name>/
After that, search this: https://spsprodsea2.vssps.visualstudio.com/
You will get the organization ID here:
2, Project ID.
Just follows this API:
https://dev.azure.com/<Organization Name>/_apis/projects?api-version=6.0
Just search the name in the response and you will get the ID. In this situation, the project build service account is managed via project id.
3, Repository ID.
https://dev.azure.com/<Organization Name>/<Project Name>/_apis/git/repositories?api-version=6.0
Search the repository name and you will get the ID.
Success on my side:
Upvotes: 5
Related Questions
- Is there a way to get the SubscriptionID used in task: "Azure Resource Group Deployment"
- Fetch AzureDevops build details by Pull Request
- How to get build name on Azure?
- How to get the Azure DevOps Service Principal ID + Name
- How to view or get the service connection id in Azure DevOps
- How do I get Build ID of an In progress Pipeline in Azure DevOps
- Find name of project build service in Azure Pipeline
- In Azure Devops Release Pipeline, how can I get the name of the build associated with the release?
- Azure DevOps - get custom Task Reference ID
- How to fetch Azure devops service connection id