How to: Extract Iteration Path Permissions from the respective user, and project in Azure DevOps

  1. PowerShell script will receive the following parameters:
  • $PAT = Personal Access token to connect on Azure DevOps;
  • $Organization = Organization URL to list permissions on Iteration Paths;
  • ProjectName = Team Project name that contains Iterations to which permissions will be extracted;
  • mailAdress = e-mail from respective user to which permissions will be extracted;
  • $Connstr = connection string to Azure SQL Database to store the report information. To create this report, it’s necessary to create previously a Azure SQL Server and Database and run a script below:
$allUsers = az devops user list 
--org $Organization | ConvertFrom-Json
$allUsers = $allUsers.members $allUsers = $allusers.user | where-object {$_.mailAddress -eq $mailAddress}
$allProjects = az devops project list 
--org $Organization --top 500 | ConvertFrom-Json
$allProjects = $allProjects.value | Where name -EQ $ProjectName
#Get Root Iteration Path$AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($PAT)")) }$uriProjectRootIteration = $Organization + "/$($ProjectName)/_apis/wit/classificationnodes?api-version=6.0"$ProjectRootIterationResult = Invoke-RestMethod -Uri $uriProjectRootIteration -Method get -Headers $AzureDevOpsAuthenicationHeader$ProjectRootIterationResult = $ProjectRootIterationResult.value | Where structureType -EQ "iteration"$iterationRootToken = "vstfs:///Classification/Node/$($ProjectRootIterationResult.identifier)*"
$activeUserGroups = az devops security group membership list 
--id $allUsers.principalName
--org $Organization
--relationship memberof | ConvertFrom-Json
$SecurityNameSpaceIdIteration = "bf7bfa03-b2b7-47db-8113-fa2e002cc5b1"
#Get All Tokens from respective group and filter respective project        $allIterationsTokens = az devops security permission list 
--id $SecurityNameSpaceIdIteration
--subject $activeUserGroups.$aug.descriptor | ConvertFrom-Json
$allIterationsTokens = $allIterationsTokens | where-object {$_.token -like $iterationRootToken}
$iterationToken = "vstfs:///Classification/Node/$($ProjectRootIterationResult.identifier)
  • Identifier = Identifier of respective Iteration Path.
$IterationCommands = az devops security permission show 
--id $SecurityNameSpaceIdIteration
--subject $activeUserGroups.$aug.descriptor
--token $ait.token
--org $Organization | ConvertFrom-Json
  • Iteration Path (1) = Filter Iteration Path to verify respective permissions;
  • Azure DevOps Groups (2) = Filter Azure DevOps Groups to which the user belongs;
  • Azure DevOps Groups (3) = list all Azure DevOps groups to which the user belongs;
  • Command (4) = List of commands available to Iteration Path;
  • Permission (5) = Permission type (Allow, Deny, Not set, etc.).




Tech Solution Architect Manager na Accenture

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DevOps Success: What to Measure and Why

An intro to physics in Unity

Git Basics

Introduction of Scrum Methodology in Software Development

Lessons Learnt From Shipping An AI Application

ATDD - Acceptance test driven development at ASOS

Related image

Getting started with WebRTC for Android — Loopback P2P calls

Continuous Integration

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vinicius Moura

Vinicius Moura

Tech Solution Architect Manager na Accenture

More from Medium

How to: Secrets Mapping on GitHub

Azure Automation Runbooks and Webhooks

Configure Azure Multi-Factor Authentication in Azure

What are Azure Blueprints and How to build your first Azure Blueprint?