问题
I want to poll an Azure Repo for changes with Git. A personal access token from my account would give it too much permissions.
Should I create a new user in Azure AD, add it to Azure Repo with read only and use it in the script? Or is there a better way than creating real users.
回答1:
If you want to allow your git script to only access one specific Azure Repo. I'm afraid you will need to create a new user as a service account.
After the service account is created and added to your azure devops organization. You can set its access permission to only one repo in the project settings page. See below:
- First deny its access to all the repositories.
Project settings-->Click Git repositories-->Search for the service account-->Deny Read permission
- Then allow the Read permission to that one specific repository.
Project settings-->Select the repository you want allow the read permission-->Search for the service account-->Allow Read permission
The PAT generated from this service account will only have the access to that specific repo.
来源:https://stackoverflow.com/questions/61799938/giving-a-script-git-access-to-a-single-azure-repo