How can I as an admin of a project at Azure DevOps disable or hide Organizational / Project Settings options for users who are contributors of a particular project? This is for security purposes so that contributors do not play around with settings. Help appreciated.
How can I as an admin of a project at Azure DevOps disable or hide
Organizational / Project Settings options for users who are
contributors of a particular project?
You can disable to editing permission of settings(this can make sure the users unable to play around with settings), but it is impossible to hide the UI.
For every users to want to limit, use these setting:
In this situation, they will be unable to edit the settings.
By the way, the PCA(Project Collection Administrators) is very special, if a user has this permission, other settings will not overwrite this.
Related
I have been building canvas apps as part of solutions on non-default environments for a while.
Recently a customer required that the app be shared (to run, not edit) with an AAD security group's members.
The SG setup is as follows;
Image of SG setup
I imagined this to be simple and indeed I was able to 'Share' the canvas app with the SG.
However, users were unable to access the app even via a direct URL unless I gave them individual access.
I have spent many hours perusing the documentation and it seems that it is all aimed at 'Dynamics/CDS' environments.
The only way that i was able to share the app to them using the SG, was to create an environment DB add then to set the SG as the env SG.
Is that the correct approach?
It seems counter-intuitive because, according to MS, if an SG is not set to an environment, then all users can access the env?
First, make sure the group you are sharing with is really a security group or security-enabled M365 group.
You can't share an app with a distribution group in your organization or with a group outside your organization.
...
You can share an app with Microsoft 365 groups. However, the group must have security enabled
You can do that at Azure Portal:
Go to Azure AD Active Directory > Groups (direct URL)
Click [Columns] and add Security enabled column to the list
Find the group and make sure it is security-enabled
Also, make sure users have permissions to access and other resources
For a shared app to function as you expect, you must also manage permissions for the data source or sources on which the app is based, such as Microsoft Dataverse or Excel. You might also need to share other resources on which the app depends, such as flows, gateways, or connections.
Source: https://learn.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app
I created IIS website with following setting (ApplicationPool account is named Fitko)
When I run website and submit form with image, application throw an error
UnauthorizedAccessException: Access to the path
'C:\IISWorkspace\Fitko\upload\instructors' is denied.
System.IO.FileStream.ValidateFileHandle(SafeFileHandle fileHandle)
I gave full permissions to Fitko folder to these accounts
IUSR
Users
Administrators
network service
IIS AppPool\Fitko
yet still the UnauthorizedAccessException exception still throwing.
How can I give access permissions to IIS to write to the folder ?
I solve the issue by enabling windows authentication (I had Anonymous Authentication before, but probably it can be enabled together)
the setting is in
Web Project > Properties > Debug > Web Server Settings
and the flag seems to takes control even when the publish configuration is set to release.
In my opinion, the issue typically indicates a permission error of the specific folder.
What is your Application pool identity? try to right-click the folder and grant Everyone Account full access to the folder.
Besides, under certain cases, this might relate to our website framework technology.
https://github.com/stryker-mutator/stryker-net/issues/272
Feel free to let me know if the problem still exists.
In internet service manager right click on the default website, click on edit permission, click on the security tab the click on edit
Add built-in ISUR account to the website and give the appropriate access
and or add built in IIS_IUSERS account and do the same if the above does not work.
enter image description hereTwo of Azure Enterprise applications were showing below options till yesterday night under Manage blade:
Properties, Owners, Users and Groups, Provisioning, Application Proxy and Self-Service.
But, today I am seeing only three options, rest are missing: Properties, Owners and Provisioning
In the absence of Users and Groups, the owner of the applications can't add users or groups to this application.
In spite of having global admin access I can't see those missing options, The owner of these two Enterprise Applications also can't see those missing options.
None, of the MS article, talks about this issue, can someone please help how to get those options back.
It looks fine on my side. If you did nothing and the buttons disappeared, you need to raise a support ticket on Azure portal by following this link.
I want to hide two repositories (App 1 and 2 below) from the menu on a project on Azure DevOps.
Select a project -> Repos -> below
The reason is that App 1 and 2 have code, but are not being used at the moment. So we will show them in the future. Thus, we want the ability to show/hide them.
Any idea?
You can go in your azure devops setting to edit your repository settings.
In this page you can manage all security options and allow specific user to work with your branches.
Some documentation from Microsoft website :
https://learn.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=vsts&tabs=new-nav
I found out that you can disable the repository. This will keep listing your disabled repositories but no one can access them. Instead, the repository page just warns about its disabled status (see the picture below).
See this article that brings more detail and is the source of the images below.
I have this team project in Azure DevOps (previously known as VSTS):
$\TempProjectA
I have this developer that can log into Azure DevOps and develop code:
username: first_developer#example-company.com
password: *****
I have this group that is called SingleFileReaders, and I've added first_developer#example-company.com to this group.
Then using Visual Studio's Source Control Explorer, I've browsed to $\TeamProjectA\FileToBeShared.java, right clicked on it, using Advanced menu I managed to get to Security pop-up. And there, I allowed the read option.
Now I login as first_developer#example-company.com into Visual Studio, but I don't see that file. In fact, I don't see TeamProjectA. What should I do?
You Should add the developer to the Project Team members, with contributor role.
Follow here, Since the UI is changed there are some difficulties to find the securities/adding user configuration in Azure DevOps
Security
Contributor role to access the Source codes
For anyone who's stuck in this point, the trick is to give View project-level information permission to your role/user first. Using built-in roles is not helpful as they have permissions much more than what I wanted. They give access to all files, at least read-only permission.