How to: Extract Project Level Permissions for a given user and project

  1. The PowerShell script receives the following parameters:
  • $PAT = Personal Access Token used to connect to Azure DevOps;
  • $Organization = Organization URL for which Project Level permissions will be listed;
  • $ProjectName = name of the Team Project from which permissions will be extracted;
  • $mailAddress = e-mail address of the user whose permissions will be extracted;
  • $Connstr = connection string to the Azure SQL Database that stores the report information. To create this report, you must first create an Azure SQL Server and Database and run the script below:
# Find the user whose e-mail address matches $mailAddress
$allUsers = az devops user list `
    --org $Organization | ConvertFrom-Json
$allUsers = $allUsers.members
$allUsers = $allUsers.user | Where-Object { $_.mailAddress -eq $mailAddress }
# Find the team project by name
$allProjects = az devops project list `
    --org $Organization `
    --top 500 | ConvertFrom-Json
$allProjects = $allProjects.value | Where-Object name -EQ $ProjectName
# List the Azure DevOps groups the user is a member of
$activeUserGroups = az devops security group membership list `
    --id $allUsers.principalName `
    --org $Organization `
    --relationship memberof | ConvertFrom-Json
$SecurityNameSpaceIds = @(
    [pscustomobject]@{
        SecurityNameSpace='Project';
        SecurityIdSpace='52d39943-cb85-4d7f-8fa8-c6baac873819'}
    [pscustomobject]@{
        SecurityNameSpace='Tagging';
        SecurityIdSpace='bb50f182-8e5e-40b8-bc21-e8752a1e7ae2'}
    [pscustomobject]@{
        SecurityNameSpace='AnalyticsViews';
        SecurityIdSpace='d34d3680-dfe5-4cc6-a949-7d9c68f73cba'}
    [pscustomobject]@{
        SecurityNameSpace='Analytics';
        SecurityIdSpace='58450c49-b02d-465a-ab12-59ae512d6531'}
)
  • Project = $PROJECT:vstfs:///Classification/TeamProject/PROJECT_ID
'Project' { $Token = "`$PROJECT:vstfs:///Classification/TeamProject/$($allProjects.id)" }
  • Tagging = /PROJECT_ID
'Tagging' { $Token = "/$($allProjects.id)" }
  • AnalyticsViews = $/Shared/PROJECT_ID
'AnalyticsViews' { $Token = "`$/Shared/$($allProjects.id)" }
  • Analytics = $/PROJECT_ID
'Analytics' { $Token = "`$/$($allProjects.id)" }
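# Query the permissions of one group ($aug) in one security namespace ($snsi) for the project token
$projectCommands = az devops security permission show `
    --id $snsi.SecurityIdSpace `
    --subject $activeUserGroups.$aug.descriptor `
    --token $Token `
    --org $Organization | ConvertFrom-Json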
  • Azure DevOps Groups (1) = Filter Azure DevOps Groups to which the user belongs;
  • Azure DevOps Groups (2) = list all Azure DevOps groups to which the user belongs;
  • Permission Group Type (3) = List of Permission Group Type (Analytics, Boards, General, Test Plans);
  • Command (4) = List of commands available at Project Level;
  • Permission (5) = Permission type (Allow, Deny, Not set, etc.).
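
The token formats and report columns above, tied together in an added example that is not the article's own script. The function names, the placeholder project id and the sample JSON are constructed; the field names `acesDictionary`, `resolvedPermissions`, `displayName` and `effectivePermission` are assumed to match the JSON returned by `az devops security permission show`.

```powershell
# Added example, not the article's script; function names and sample values are hypothetical.
function Get-ProjectToken {
    param([string]$SecurityNameSpace, [string]$ProjectId)
    switch ($SecurityNameSpace) {
        'Project'        { return "`$PROJECT:vstfs:///Classification/TeamProject/$ProjectId" }
        'Tagging'        { return "/$ProjectId" }
        'AnalyticsViews' { return "`$/Shared/$ProjectId" }
        'Analytics'      { return "`$/$ProjectId" }
        # Fail loudly rather than query with an empty or wrong token
        default          { throw "No token format known for namespace '$SecurityNameSpace'" }
    }
}

function ConvertTo-PermissionRow {
    param($Acl, [string]$GroupName, [string]$SecurityNameSpace)
    foreach ($entry in $Acl) {
        # acesDictionary is keyed by identity descriptor; walk every entry's resolved permissions
        foreach ($ace in $entry.acesDictionary.PSObject.Properties.Value) {
            foreach ($perm in $ace.resolvedPermissions) {
                [pscustomobject]@{
                    Group      = $GroupName
                    NameSpace  = $SecurityNameSpace
                    Command    = $perm.displayName
                    Permission = $perm.effectivePermission
                }
            }
        }
    }
}

# Constructed sample in the assumed shape of the 'az devops security permission show' output
$sampleJson = @'
[{"acesDictionary":{"Microsoft.TeamFoundation.Identity;S-1-9-0000":{"resolvedPermissions":[
  {"bit":1,"displayName":"View project-level information","effectivePermission":"Allow","name":"GENERIC_READ"},
  {"bit":4,"displayName":"Delete team project","effectivePermission":"Not set","name":"DELETE"}]}}}]
'@
$projectId = '00000000-0000-0000-0000-000000000000'   # placeholder project id
$token = Get-ProjectToken -SecurityNameSpace 'Project' -ProjectId $projectId   # value for --token
$rows  = ConvertTo-PermissionRow -Acl ($sampleJson | ConvertFrom-Json) -GroupName 'Contributors' -SecurityNameSpace 'Project'
"Token: $token"
$rows | Format-Table -AutoSize
```

In a real run, `$Acl` is the `$projectCommands` value returned for each group and namespace, and the rows are what gets written to the database behind `$Connstr`.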

Vinicius Moura

Tech Solution Architect Manager at Accenture
