Azure Repos - allow co-workers to submit without pushing

I created an Azure repos (the first of my life ;-) and I have invited people to work on the project. They have a Microsoft account. This is the free Azure environment.
I want to be notified when they submit their work and accept or reject it before I accept to commit the modification in the branches.
I am confused about the amount of working group options and I did not find the way to do what I want!
Does someone know what configuration must be done with their accounts / the Azure authorizations?

Found:
Go to the Azure project settings and in the left column, click on repositories. Then, change the authorizations given to the groups - developers. You can now allow contributors to check in, but if you do so, they can check in and I have no way to accept or reject the modification. On the other hand, if you select deny to push in, they cannot push anything at all.
Git on Azure allows for code validation before committing. TFS doesn't. A workaround is to create a pullrequest folder where contributors are allowed to push in and be notified each time someone pushes their code in it. Verify and then merge / push in the corresponding branch.

Related

Is it possible for Azure DevOps to get history of "clone", "fork" and "download as ZIP" by each user?

I would like to get all of the history of Azure Repos.
I would like to get histories of "who/when clone/fork/download repository".
I mean logging of user action.
Is it possible for Azure DevOps(Repos)?
I am afraid, I believe this feature doesn't exist yet. For auditing access or changes etc, a feature as such doesn't exist but by using Azure Active Directory, you can limit the usage or access to say "Read-Only" within your organisation. Also, a similar solution is given here.

Access rights for Azure DevOps Services pipeline

What are the best practices for accesses permission for programmers working in Azure DevOps? I would like the programmers to be able to use it, by for example having the possibility to create branches.
As far as I can understand by reading documents such as
https://learn.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops#git-repository
The only permission needed is a contributor? Is this correct or have I misunderstood the whole thing? The organization I’m working for has for example set the contributor to be a member of:
Build Administrators, Endpoint creators, Release Administrators
Creating users is a different thing and assigning rights is a different thing. You are looking for something named Policies.
Check for Branching policies in this case.
EDIT:
I was confused with the branching rights, however you can follow the Repository Permissions and Branch permissions to find how you can give permissions on your projects to users.
You need to navigate to project settings and then to repositories. There you will find a list of repositories, and each repo can have certain rights assigned to it. Some are inherited, some assigned. You can modify those to fit your liking.
This is the URL: https://dev.azure.com/org_name/project_name/_settings/repositories
For more details, follow this link: https://learn.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops
Thanks for your quick answer. Have dug into the documentation and repository permissions. It definitely gave some insight. My concern is that I want a predefined setting for managing the code repository on a team level, thus would not want to give project permission to the programmers. In my Azure DevOps setup I have only one organization with hundreds of teams.
As I understand it, the permissions for the repos are set at the project level. I would like to minimize the project level access since it gives too wide access in other cases and other teams. So my hope was that giving programmers contributor access would give more or less all needed access for the repos out of the box. Such as:
1. Clone, fetch, contribute to pull requests, and explore the contents of a repository
2. Contribute to a repository, create branches, create tags, manage notes
Do not really understand why more access is needed. But could for example give the security control to the build admin role by granting the access to change permissions. In this case the ones with build admin could administrate the security for their own team repos.
Any thoughts on this? Apologies if I have misunderstood your answer...

azure devops access log

I am looking to find access logs for azure devops to
1) List time and date of authorized users who have accessed the code repository
2) List the changes made for all of the repository and by whom
3) Assuage audit fears of unauthorized users downloading the code
Looks like there are auditing capabilities slotted in the roadmap but I need something now. I tried using the Azure portal's activity logs but I get zero results for Azure DevOps events.
Note: we do not use Active Directory integration yet
Any help is greatly appreciated
For auditing repo changes, every write operation in source control is part of its history.
For limiting read access, you already know the solution, because you said you aren't using it yet: Azure AD. Limit access to within your organization.
For auditing access, as you said, there is no solution yet, it's on the backlog. The reason it's on the backlog is because there is no way to do it at the moment.
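An added example, not part of the original answer, of what "every write operation is part of its history" gives an auditor: it lists each commit on every ref with who and when, and flags commits whose author and committer differ. The function names and the sample repository are constructed for illustration; author and committer fields are set by the client, so they are claims, and reads (clone, download) leave no trace in history.

```shell
#!/bin/sh
# changes_by_whom REPO -> one line per commit reachable from any ref:
#   <short-hash>|<author date>|<author email>|<committer email>|<subject>
# The subject is last so a '|' inside it cannot shift the earlier fields.
changes_by_whom() {
    git -C "$1" log --all --date=iso-strict --format='%h|%ad|%ae|%ce|%s'
}

# commits_per_author REPO -> "<count> <author email>", highest count first
commits_per_author() {
    changes_by_whom "$1" | cut -d'|' -f3 | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# author_committer_mismatch REPO -> commits recorded by someone other than
# the stated author (rebase, cherry-pick, or an applied patch)
author_committer_mismatch() {
    changes_by_whom "$1" | awk -F'|' '$3 != $4'
}

# commit_as REPO AUTHOR_EMAIL COMMITTER_EMAIL MESSAGE (helper for the sample)
commit_as() {
    GIT_AUTHOR_NAME=author GIT_AUTHOR_EMAIL="$2" \
    GIT_COMMITTER_NAME=committer GIT_COMMITTER_EMAIL="$3" \
    git -C "$1" -c commit.gpgsign=false commit -q --allow-empty -m "$4"
}

# make_sample_repo DIR: constructed repository, two users, two branches
make_sample_repo() {
    git init -q "$1"
    commit_as "$1" alice@example.test alice@example.test "add readme"
    git -C "$1" checkout -q -b feature
    commit_as "$1" bob@example.test bob@example.test "add parser"
    commit_as "$1" bob@example.test alice@example.test "fix typo"
}

# Demonstration on the constructed repository
demo=$(mktemp -d)
make_sample_repo "$demo/repo"
changes_by_whom "$demo/repo"
commits_per_author "$demo/repo"
author_committer_mismatch "$demo/repo"
rm -rf "$demo"
```
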

Gitlab: Working with multiple Users

I have created a gitlab repo and also have set up SSH keys. I can push my changes to the repo. When another developer wants to contribute to the same repo (project), how can I set up Gitlab so that he can also work with the repository. I would be glad if someone can give me instructions as to how to do that as steps.
He is going to need to set up his own SSH key or you will need to give him one of the private keys if that's the route you want to go...
Otherwise, you could just invite him to edit the repo (assuming he has an account). To navigate to those settings go to your desired project repository in your web browser, and find the "Settings" menu on the left side. Inside there, you will see "Members". There you can enter the developer's credentials to allow him access to the repo.

How to block access to all VSTS accounts except our work VSTS account

My company wants to get VSTS. But they do not want users to be able to access their personal VSTS accounts at work. They are concerned that users will upload source code to their personal VSTS accounts and download it at home. Or worse, they are worried that users can upload a virus to their personal VSTS account, come into work and download it. I'm sure everyone will understand why they want to do this.
Without getting into ethical reasons about how companies need to trust employees etc... They want to stop this or reduce this as much as possible.
Is there any guidance on how to achieve this?
One solution is to maybe block *.visualstudio.com but whitelist only our company VSTS account? This is messy because there will be a bunch of other visualstudio.com URLs that we will need to access, such as {accountname}.vsrm.visualstudio.com.
There is no way for us to know all the urls that we will need to allow access if we block *.visualstudio.com
Any advice is appreciated!
I don’t think you can achieve it. There are many ways to store/download the source code other than VSTS, such as GitHub. Users can also upload/download the source code through email. So you can’t prevent them from doing it unless you block access to the internet.
The simple way is this:
1. Build an intranet network
2. Clone the VSTS repository to a shared folder
3. Others work with that repository (commit changes to that repository)
4. Push changes to VSTS by yourself or build an app to track the repository and push commits automatically.
