az devops security permission

Manage security permissions.

Commands

az devops security permission list List tokens for given user/group and namespace.
az devops security permission namespace Manage security namespaces.
az devops security permission namespace list List all available namespaces for an organization.
az devops security permission namespace show Show details of permissions available in each namespace.
az devops security permission reset Reset permission for given permission bit(s).
az devops security permission reset-all Clear all permissions of this token for a user/group.
az devops security permission show Show permissions for given token, namespace and user/group.
az devops security permission update Assign allow or deny permission to given user/group.

az devops security permission list

List tokens for given user/group and namespace.

az devops security permission list --id
--subject
[--detect {false, true}]
[--org]
[--recurse]
[--token]

Required Parameters

--id --namespace-id

ID of security namespace.

--subject

User Email ID or Group descriptor.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--recurse

If true and this is a hierarchical namespace, return child ACLs of the specified token.

--token

Security token.

az devops security permission reset

Reset permission for given permission bit(s).

az devops security permission reset --id
--permission-bit
--subject
--token
[--detect {false, true}]
[--org]

Required Parameters

--id --namespace-id

ID of security namespace.

--permission-bit

Permission bit or addition of permission bits which needs to be reset for given user/group and token.

--subject

User Email ID or Group descriptor.

--token

Security token.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

az devops security permission reset-all

Clear all permissions of this token for a user/group.

az devops security permission reset-all --id
--subject
--token
[--detect {false, true}]
[--org]
[--yes]

Required Parameters

--id --namespace-id

ID of security namespace.

--subject

User Email ID or Group descriptor.

--token

Security token.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--yes -y

Do not prompt for confirmation.

az devops security permission show

Show permissions for given token, namespace and user/group.

az devops security permission show --id
--subject
--token
[--detect {false, true}]
[--org]

Required Parameters

--id --namespace-id

ID of security namespace.

--subject

User Email ID or Group descriptor.

--token

Security token.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

az devops security permission update

Assign allow or deny permission to given user/group.

az devops security permission update --id
--subject
--token
[--allow-bit]
[--deny-bit]
[--detect {false, true}]
[--merge {false, true}]
[--org]

Required Parameters

--id --namespace-id

ID of security namespace.

--subject

User Email ID or Group descriptor.

--token

Security token.

Optional Parameters

--allow-bit

Allow bit or addition of bits. Required if --deny-bit is missing.

--deny-bit

Deny bit or addition of bits. Required if --allow-bit is missing.

--detect

Automatically detect organization.

accepted values: false, true
--merge

If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.

accepted values: false, true
default value: 1
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.