To allow users access to only specific tenants installed onto Configuration Manager, follow this guide.
The user does not need to be added to any group at the DevOps organization level. Instead, we will create a group at the project level with specific access to the tenants you would like.
Step 1: access Azure DevOps
- Access Azure DevOps
Step 2: add a user (optional)
- If adding a new user, Navigate to “Organization Settings” > “Users” > “Add Users”
- Add the user, but don't add to the Tenants project
Step 3: add a group
- Select the project containing the desired tenants > “Project Settings” > “Permissions”
- Add a “New Group”
- Select the newly created group and edit the following:
- Under “Permissions”, set View permissions for this node to “Allow“
- Under “Members”, add users you would like to access a specific tenant
- Ensure under “Member of”, “Project Valid Users” is added
Step 4: set permissions in repository
- Navigate to “Project Settings” > “Repositories“
- Select the repository for the tenant you are granting access
- Select the “Security” tab and search for the group you created earlier
- Set permissions accordingly. To perform all actions, permissions should mirror the Contributors group scopes
Step 5: set permissions in pipeline
- Navigate to “Pipelines”
- Select the pipeline for the tenant you are granting access
- Select the “More Options” (three dots in top right), then “Manage security” and search for the group you created earlier
- Set permissions accordingly. To perform all actions, permissions should mirror the Contributors group scopes
Step 6: ensure the group has appropriate access to the DevOps service connections
- Navigate to “Project Settings” > “Service connections”
- Do the following for both
simeoncloud
andsimeoncloud-packages
- Click the three dots in the top right corner > “Security”
- Ensure your group is added with Administrator-level access