问题
Let's say I have created a new project (MyProject) on ADO. In it, I have 2 repositories (MyRepo1 and MyRepo2). I would like to invite another user to contribute code to MyRepo1, but don't want them seeing MyRepo2. How can this be done?
I have tried creating a team (Team1) for MyRepo1 and adding the user to that team. However, they still cannot see anything in ADO under my project. If I add them to the default team of the project, they can see all the repos (bad). This is how I set up Team1:
As an aside, if anyone knows of a good comprehensive reference for the proper way of using and orchestrating Organizations, Projects, Teams, Areas, Azure DevOps Groups, Users, Repositories, etc., please let me know. Each time I think I have these things under control, I get stuck in some scenario like this one. Add in Azure AD and Azure Subscriptions, and things get pretty hairy sometimes.
回答1:
I know this is an old question, but I came here because I had the same challenge, and wanted to present my solution, in case others have found themselves in the same situation.
First go to Project Settings | Permissions and add a new group for the selected users. Choose the newly created group and set Allow in 'View project-level information'.
Back in Project Settings click Repositories and click the Repository, you want to grant access to. Click Permissions and search for the new group. Set Allow in relevant permissions (for me it was Contribute, Contribute to pull requests, Create branch, Create tag, Manage notes, and Read).
The users in this group can see the project overview, but no pipelines and only the selected repository.
You do not need to worry that repositories added later will be visible to this group either.
回答2:
I would like to invite another user to contribute code to MyRepo1, but don't want them seeing MyRepo2. How can this be done?
The place you configured permissions is correct, but it seems you've set the wrong permission.
If you want to ensure that users in Team1 can contribute to MyRepos1, but cannot view MyRepos2, then, in the project settings page, go to MyRepos2-> Team1, and set the Read permission to Deny. This setting means "do not allow Team1 members to have read permissions for MyRepos2."
The configuration should look like this:
After this adjustment, the members of Team1 will not be able to see MyRepos2. When attempting to open MyRepos2, they will see the message below;
a good comprehensive reference for the proper way of using and orchestrating Organizations, Projects, Teams, Areas, Azure DevOps Groups, Users, Repositories, etc
That is a large range of material. I can't give you such a reference. I can just share some of my experience with you.
(1) If you want to set the user's permission to access some projects, just go to the Users tab on the Organization Settings page, click the ellipsis icon, and choose Manage Projects:
(2) In the Permissions tab of the Organization Settings page, you can set permissions which affect the whole organization, including all projects/repos.
For any specific object permission (build, workitem, etc.), just go to the corresponding object and configure it.
In the docs, we offer precise permission setting descriptions. You can refer to them here:
Permissions and groups in Azure DevOps
Permissions lookup guide
If these are not enough for you, just share your problems or questions here. Maybe I can advise you further.
来源:https://stackoverflow.com/questions/57599721/azure-devops-permissions-for-individual-repositories