How do I set the build authorization scope for my project?

Question

Right now my NuGet restore fails since the project build user doesn\'t have contributor access to the package feed.

/usr/share/dotnet/sdk/3.0.100/NuGe

Answer 1

All answers are valid but it depends.

Take into account that only Contributor and Owner roles are allowed to push packages read the docs here.

Then also remember Scoped build identities .

Azure DevOps uses two built-in identities to execute pipelines.

• A collection-scoped identity, which has access to all projects in the collection (or organization for Azure DevOps Services)
• A project-scoped identity, which has access to a single project

...

By default, the collection-scoped identity is used, unless the Limit job authorization scope to current project is set in Project Settings > Settings.

With this in mind follow the next steps:

1. You need to check which identity is being used for your pipelines:

For me is project-scoped identity

2. Add/Check the Feed Permissions as it may apply (I'll leave a description below the image)

• No. 1 If the identity is collection-scoped
• No. 2 If the identity is project-scoped
• No. 3 Give your contributors the least privilege principle if it applies. (For me its ok to leave them read the feed, and the pipeline or me are the only ones allowed to push packages)

Remember again you need to use Owner or Contributor roles.