Configuring permissions in the source control repository is an imperative task in DevOps, and this is an essential topic you have to master for the AZ-400: Designing and Implementing Microsoft DevOps Solutions exam. Let’s go through how to set up these permissions.
First, let’s understand what permission control is. It is the process of granting or denying specific rights or permissions to a user, application, or process. In the context of source control repositories, this means managing who can access the repository and what actions they can perform, such as read, write, or execute commands.
Configuring Permissions
1. User-level Permissions:
To control individual user access, you can grant or deny specified permissions to individual users in the repository. Here’s a step by step method to do this:
- Navigate to your project and select ‘Project settings.’
- Under ‘Repositories,’ click on the required repository.
- In the ‘Permissions’ tab, you can add users and set their permissions.
2. Team-level Permissions:
To control team-level permissions, you can create a team, add users to the team, and grant permission to the team as a whole.
- Navigate to your project and select ‘Project settings.’
- Under ‘Teams,’ create a new team and add users to the team.
- Under ‘Repositories,’ click on the required repository.
- In the ‘Permissions’ tab, add the team and assign permissions.
Depending on your needs, you can choose between user-level or team-level permissions.
| User-Level | Team-Level | |
|---|---|---|
| Granularity | High (Permission can be set for each user) | Low (Permission sets apply to the entire team) |
| Management Effort | High (Individual users need to be managed separately) | Low (Teams can be managed as one unit) |
| Best for | Small projects or where individual roles differ greatly | Large projects with teams of users with similar roles |
Types of Permissions
There are several types of permissions available for repositories, including:
- Read: Granting this permission will allow users to read the files in your repository.
- Write: Granting this permission will allow users to commit and push changes to your repository.
- Administer: Granting this permission will give users administrative rights to your repository, which include changing repository settings, adding and removing users, and other administrative tasks.
In Azure DevOps, each permission can be set to Allow, Deny, or Inherit. ‘Allow’ grants the permission, ‘Deny’ blocks it, and ‘Inherit’ applies the settings from a parent group or from the project settings.
Bear in mind that a ‘Deny’ at any level trumps an ‘Allow.’
Access levels and licensing
Besides repository permissions, Azure DevOps also includes broader access levels that determine the features a user can use in the organization. Each access level corresponds to a type of license, so you’ll need to ensure that your users have the correct licenses.
| License type | Basic | Basic + Test Plans | Stakeholder |
|---|---|---|---|
| Description | Can use most features in Azure DevOps, including version control | Includes everything in Basic, plus additional test-related features | Has limited access, mainly to view work items |
A complete understanding and right implementation of these permissions are crucial for maintaining the security and the flow of the work in your repository, which is central to the AZ-400 exam. Knowing how to navigate and utilize these permissions will play a significant role in managing DevOps solutions efficiently and effectively.
Practice Test
True or False: In Azure DevOps services, permissions can be set at the user level.
- True
- False
Answer: True
Explanation: Permissions in Azure DevOps services can be set at different levels like Project level, Team level and Individual User level.
Which of the following Azure DevOps permissions allows a user to create branches in the source control repository?
- a) Create Branch
- b) Delete Repository
- c) Connect
- d) Read
Answer: a) Create Branch
Explanation: The “Create Branch” permission in Azure DevOps allows a user to create branches in the source control repository.
Can “Deny” permission override “Allow” permission in Azure DevOps source control?
- a) Yes
- b) No
Answer: a) Yes
Explanation: In Azure DevOps security model, if a user has an “Allow” permission but also, a “Deny” permission on the same security token, the “Deny” permission will override.
Can security groups be used in Azure DevOps to manage permissions?
- a) Yes
- b) No
Answer: a) Yes
Explanation: Security groups in Azure DevOps can be used to collectively manage users and their permissions in an organized manner.
True or False: “Delete Repository” permission allows a user to delete the source code files in the repository.
- True
- False
Answer: False
Explanation: “Delete Repository” permission allows a user to delete the entire repository, not individual source code files. For source code files, there are different permissions.
Which of the following are base Access Level groups in Azure DevOps?
- a) Stakeholder
- b) Basic
- c) Visual Studio Subscriber
- d) All of the above
Answer: d) All of the above
Explanation: All of these – Stakeholder, Basic, Visual Studio Subscriber – are base Access Level groups in Azure DevOps.
Who has the administrative rights to allow or deny permissions in Azure Repos?
- a) Project Collection Administrators
- b) Contributors
- c) All team members
- d) Only the creator of the repository
Answer: a) Project Collection Administrators
Explanation: Project Collection Administrators (PCA) have the administrative rights to allow or deny permissions in Azure Repos.
Which permission in Azure Repos allows to modify Git repository settings?
- a) Delete Repository
- b) Administer
- c) Create Branch
- d) Read
Answer: b) Administer
Explanation: The “Administer” permission allows to manage repository settings in Azure Repos.
Can you set default permissions in Azure DevOps which will be automatically applied to all new repositories?
- a) Yes
- b) No
Answer: a) Yes
Explanation: Default repository permissions can be set in Azure DevOps which are automatically applied to all new repositories.
Which permission in Azure Repos can override branch policy requirements to complete a pull request?
- a) Force Push
- b) Bypass Policies
- c) Create Branch
- d) Read
Answer: b) Bypass Policies
Explanation: The “Bypass Policies” permission allows a user to override branch policy requirements and complete a pull request without fulfilling them.
Interview Questions
What are the different types of permissions that can be configured in Azure DevOps for a source control repository?
The different types of permissions that can be configured in Azure DevOps for a source control repository are:
- Read
- Contribute
- Create branch
- Create tag
- Manage permissions
- Bypass policies
- Label
What is the purpose of the “Read” permission in a source control repository in Azure DevOps?
The “Read” permission allows users to view the content of the repository but not make any changes.
What actions can users perform with the “Contribute” permission in a source control repository in Azure DevOps?
Users with the “Contribute” permission can view, add, edit, and delete files within the repository.
What permission is required for users to create branches in a source control repository in Azure DevOps?
The “Create branch” permission is required for users to create branches in a source control repository.
How is the “Create tag” permission different from the “Create branch” permission in Azure DevOps source control?
The “Create tag” permission allows users to create tags, which are labels for specific points in the repository’s history, while the “Create branch” permission allows users to create branches to work on different aspects of the codebase separately.
What actions are permitted with the “Manage permissions” permission in a source control repository in Azure DevOps?
The “Manage permissions” permission allows users to modify permissions for other users within the repository.
When would a user need the “Bypass policies” permission in Azure DevOps source control?
The “Bypass policies” permission allows users to override branch policies, such as requiring code reviews or specific build validations, which could be necessary in exceptional circumstances.
What does the “Label” permission in Azure DevOps source control repositories allow users to do?
The “Label” permission allows users to apply labels to specific versions of files or folders in the repository.
How can permissions in Azure DevOps source control repositories be managed across multiple repositories?
Permissions in Azure DevOps source control repositories can be managed at the project level, allowing for consistent permissions across multiple repositories within the same project.
What is the significance of managing permissions effectively in a source control repository in Azure DevOps?
Managing permissions effectively ensures that users have the appropriate level of access to the repository, helping maintain security, compliance, and collaboration within a DevOps environment.
extutorials.com