How to: List all users and group permissions on Azure DevOps using Azure DevOps CLI
Oct 20, 2020
This script list all users on Azure DevOps organization and which groups they belong to
An original script is available on my GitHub repository. See bellow this script:
Let’s go understand each used command.
- PowerShell script will receive the following parameters:
- $PAT = Personal Access token to connect on Azure DevOps;
- $Organization = Organization URL to list all users and permissions.
2. az devops user list = use this command to list all users on Azure DevOps organization.
az devops user list
[--detect {false, true}]
[--org]
[--skip]
[--top]$allUsers = az devops user list --org $Organization | ConvertFrom-Jsonforeach($au in $allUsers.members)
{
Write-Host $au.user.principalName
}
3. az devops security group membership list = use this command to list all groups that based user is contained in.
az devops security group membership list --id
[--detect {false, true}]
[--org]
[--relationship {memberof, members}]$activeUserGroups = az devops security group membership list --id $au.user.principalName --org $Organization --relationship memberof | ConvertFrom-Json
4. After executing the script on PowerShell, will be generated a JSON file that lists all users and your respective groups.
5. After creating JSON, I connected it on Power BI, as shown bellow:
- Groups Filter (1): filter a respective group to list users;
- User Name (2): list a specific user;
- Group Name (3): list group names;
- Principal Name (4): list respective users.
