I have got the following error , 
If I don't have right to authorize ( I don't have right to create service principal) , but another person has right to create service principal but no access to devops .
what's the proper procedure to make the Azure pipeline work ?
Hi,
Azure DevOps related questions are not supported on this forum. It's better to reach out to experts in a dedicated forum over here:
Please don't forget to Accept Answer and Up-vote if the response helped -- Vaibhav
You can have the person with access to create an app registration/service principals do that part, and also generate a secret or upload a certificate. Then in Azure DevOps, create the service connection using the Azure Resource Manager connection type and then choosing the Service Principal (manual) authentication method. You can then provide the requisite details(Service Principal ID, Subscription ID/Name, Tenant ID and the Secret/Certificate) and test/save the connection.
thanks . but in manual method , how to bound to just a resource group ? I can't see this option .
Subscription is the lowest option but, luckily, the permissions are determined by what access you grant to the service principal on Azure's end. So you can create a Service Connection in Azure DevOps that is scoped to a subscription, but in Azure, only grant that service principal IAM/Control Plane permissions at the resource group level. I would encourage you to add information to that effect to the description field to avoid future confusion. If my response helped at all, don't forget to mark it as an answer.
6 people are following this question.
