Security Namespaces - Query

List all security namespaces or just the specified namespace.

GET https://dev.azure.com/{organization}/_apis/securitynamespaces/{securityNamespaceId}?api-version=5.0
GET https://dev.azure.com/{organization}/_apis/securitynamespaces/{securityNamespaceId}?localOnly={localOnly}&api-version=5.0

URI Parameters

Name In Required Type Description
organization
path
  • string

The name of the Azure DevOps organization.

securityNamespaceId
path
  • string
uuid

Security namespace identifier.

localOnly
query
  • boolean

If true, retrieve only local security namespaces.

api-version
query True
  • string

Version of the API to use. This should be set to '5.0' to use this version of the api.

Responses

Name Type Description
200 OK

successful operation

Security

accessToken

Personal access token. Use any value for the user name and the token as the password.

Type: basic

Examples

All security namespaces
Get the specified security namespace

All security namespaces

Sample Request

GET https://dev.azure.com/fabrikam/_apis/securitynamespaces?api-version=5.0

Sample Response

{
  "count": 10,
  "value": [
    {
      "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866",
      "name": "Identity",
      "displayName": "Identity",
      "separatorValue": "\\",
      "elementLength": -1,
      "writePermission": 4,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "View identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Edit identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 8,
          "name": "ManageMembership",
          "displayName": "Manage group membership",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 16,
          "name": "CreateScope",
          "displayName": "Create identity scopes",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.Framework.Server.IdentitySecurityNamespaceExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f",
      "name": "WorkItemTrackingAdministration",
      "displayName": "WorkItemTrackingAdministration",
      "separatorValue": "\u0000",
      "elementLength": -1,
      "writePermission": 1,
      "readPermission": 0,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "ManagePermissions",
          "displayName": "Manage permissions",
          "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f"
        },
        {
          "bit": 2,
          "name": "DestroyAttachments",
          "displayName": "Destroy attachments",
          "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f"
        }
      ],
      "structureValue": 0,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba",
      "name": "DistributedTask",
      "displayName": "DistributedTask",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8,
      "readPermission": 1,
      "dataspaceCategory": "DistributedTask",
      "actions": [
        {
          "bit": 1,
          "name": "View",
          "displayName": "View",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 2,
          "name": "Manage",
          "displayName": "Manage",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 4,
          "name": "Listen",
          "displayName": "Listen",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 8,
          "name": "AdministerPermissions",
          "displayName": "Administer Permissions",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 16,
          "name": "Use",
          "displayName": "Use",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 32,
          "name": "Create",
          "displayName": "Create",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.DistributedTask.Server.Extensions.TaskSecurityExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680",
      "name": "WorkItemQueryFolders",
      "displayName": "WorkItemQueryFolders",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8,
      "readPermission": 1,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 2,
          "name": "Contribute",
          "displayName": "Contribute",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 8,
          "name": "ManagePermissions",
          "displayName": "Manage Permissions",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 16,
          "name": "FullControl",
          "displayName": "Full Control",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87",
      "name": "Git Repositories",
      "displayName": "Git Repositories",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8192,
      "readPermission": 2,
      "dataspaceCategory": "Git",
      "actions": [
        {
          "bit": 1,
          "name": "Administer",
          "displayName": "Administer",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 2,
          "name": "GenericRead",
          "displayName": "Read",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 4,
          "name": "GenericContribute",
          "displayName": "Contribute",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 8,
          "name": "ForcePush",
          "displayName": "Force push (rewrite history and delete branches)",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 16,
          "name": "CreateBranch",
          "displayName": "Create branch",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 32,
          "name": "CreateTag",
          "displayName": "Create tag",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 64,
          "name": "ManageNote",
          "displayName": "Manage notes",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 128,
          "name": "PolicyExempt",
          "displayName": "Bypass policies when pushing",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 256,
          "name": "CreateRepository",
          "displayName": "Create repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 512,
          "name": "DeleteRepository",
          "displayName": "Delete repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 1024,
          "name": "RenameRepository",
          "displayName": "Rename repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 2048,
          "name": "EditPolicies",
          "displayName": "Edit policies",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 4096,
          "name": "RemoveOthersLocks",
          "displayName": "Remove others' locks",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 8192,
          "name": "ManagePermissions",
          "displayName": "Manage permissions",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 16384,
          "name": "PullRequestContribute",
          "displayName": "Contribute to pull requests",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 32768,
          "name": "PullRequestBypassPolicy",
          "displayName": "Bypass policies when completing pull requests",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": true,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c",
      "name": "Registry",
      "displayName": "Registry",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read registry entries",
          "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Write registry entries",
          "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e",
      "name": "VersionControlItems2",
      "displayName": "VersionControlItems2",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 1024,
      "readPermission": 1,
      "dataspaceCategory": "VersionControl",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 2,
          "name": "PendChange",
          "displayName": "Pend a change in a server workspace",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 4,
          "name": "Checkin",
          "displayName": "Check in",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 8,
          "name": "Label",
          "displayName": "Label",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 16,
          "name": "Lock",
          "displayName": "Lock",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 32,
          "name": "ReviseOther",
          "displayName": "Revise other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 64,
          "name": "UnlockOther",
          "displayName": "Unlock other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 128,
          "name": "UndoOther",
          "displayName": "Undo other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 256,
          "name": "LabelOther",
          "displayName": "Administer labels",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 1024,
          "name": "AdminProjectRights",
          "displayName": "Manage permissions",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 2048,
          "name": "CheckinOther",
          "displayName": "Check in other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 4096,
          "name": "Merge",
          "displayName": "Merge",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 8192,
          "name": "ManageBranch",
          "displayName": "Manage branch",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.VersionControl.Server.PlugIns.RepositorySecurityNamespaceExtension",
      "isRemotable": true,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f",
      "name": "EventSubscriber",
      "displayName": "EventSubscriber",
      "separatorValue": ":",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "GENERIC_READ",
          "displayName": "View",
          "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f"
        },
        {
          "bit": 2,
          "name": "GENERIC_WRITE",
          "displayName": "Edit",
          "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23",
      "name": "WorkItemTrackingProvision",
      "displayName": "WorkItemTrackingProvision",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 1,
      "readPermission": 0,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "Administer",
          "displayName": "Administer",
          "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23"
        },
        {
          "bit": 2,
          "name": "ManageLinkTypes",
          "displayName": "Manage work item link types",
          "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.WorkItemTracking.Server.WitProvisionSecurityExtension",
      "isRemotable": false,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c",
      "name": "ServiceEndpoints",
      "displayName": "ServiceEndpoints",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 0,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "View",
          "displayName": "View Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 2,
          "name": "Administer",
          "displayName": "Administer Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 4,
          "name": "Create",
          "displayName": "Create Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 8,
          "name": "ViewAuthorization",
          "displayName": "View Authorization",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": true
    }
  ]
}

Get the specified security namespace

Sample Request

GET https://dev.azure.com/fabrikam/_apis/securitynamespaces/5a27515b-ccd7-42c9-84f1-54c998f03866?api-version=5.0

Sample Response

{
  "count": 1,
  "value": [
    {
      "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866",
      "name": "Identity",
      "displayName": "Identity",
      "separatorValue": "\\",
      "elementLength": -1,
      "writePermission": 4,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "View identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Edit identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 8,
          "name": "ManageMembership",
          "displayName": "Manage group membership",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 16,
          "name": "CreateScope",
          "displayName": "Create identity scopes",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.Framework.Server.IdentitySecurityNamespaceExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    }
  ]
}

Definitions

ActionDefinition
SecurityNamespaceDescription

Class for describing the details of a TeamFoundationSecurityNamespace.

ActionDefinition

Name Type Description
bit
  • integer

The bit mask integer for this action. Must be a power of 2.

displayName
  • string

The localized display name for this action.

name
  • string

The non-localized name for this action.

namespaceId
  • string

The namespace that this action belongs to. This will only be used for reading from the database.

SecurityNamespaceDescription

Class for describing the details of a TeamFoundationSecurityNamespace.

Name Type Description
actions

The list of actions that this Security Namespace is responsible for securing.

dataspaceCategory
  • string

This is the dataspace category that describes where the security information for this SecurityNamespace should be stored.

displayName
  • string

This localized name for this namespace.

elementLength
  • integer

If the security tokens this namespace will be operating on need to be split on certain character lengths to determine its elements, that length should be specified here. If not, this value will be -1.

extensionType
  • string

This is the type of the extension that should be loaded from the plugins directory for extending this security namespace.

isRemotable
  • boolean

If true, the security namespace is remotable, allowing another service to proxy the namespace.

name
  • string

This non-localized for this namespace.

namespaceId
  • string

The unique identifier for this namespace.

readPermission
  • integer

The permission bits needed by a user in order to read security data on the Security Namespace.

separatorValue
  • string

If the security tokens this namespace will be operating on need to be split on certain characters to determine its elements that character should be specified here. If not, this value will be the null character.

structureValue
  • integer

Used to send information about the structure of the security namespace over the web service.

systemBitMask
  • integer

The bits reserved by system store

useTokenTranslator
  • boolean

If true, the security service will expect an ISecurityDataspaceTokenTranslator plugin to exist for this namespace

writePermission
  • integer

The permission bits needed by a user in order to modify security data on the Security Namespace.