azure-devops-cli-extension icon indicating copy to clipboard operation
azure-devops-cli-extension copied to clipboard

Published 20 hours ago verified publisher icon Azure

[Bug] az devops security permission update is not working

Open anthonyyeong-pru opened this issue 4 years ago • 1 comments

Describe the bug A clear and concise description of what the bug is. Unable to update pipeline permission

To Reproduce Azure Cli Version: 2.0.81 Azure-Devops extension version: 0.17.0

Steps to reproduce the behavior:

  1. Created a custom user group
  2. Get the group descriptor and permission token
  • descriptor: vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNzY2ODY5NTU5LTQzMjE0MjE1Ni0zMDcwMDc4OTkzLTIyNTQzMzkwNDUtMS0xMjQxMTc2MzgyLTEzNjc2OTYyMDAtMjQ0MDAwMTc1My0yNTExNzU3ODc1
  • token: $PROJECT:vstfs:///Classification/TeamProject/e94c3371-494a-42f9-b710-07036107718a
  1. Get the build namespace id:
  • 33344d9c-fc72-4d6f-aba5-fa317101a7e9
  1. Run following command: az devops security permission update --organization https://dev.azure.com/SampleOrg --allow-bit 1665 --merge true --namespace-id 33344d9c-fc72-4d6f-aba5-fa317101a7e9 --subject vssgp.Uy0xLTktMTU1MTM3NDI0NS0xNzY2ODY5NTU5LTQzMjE0MjE1Ni0zMDcwMDc4OTkzLTIyNTQzMzkwNDUtMS0xMjQxMTc2MzgyLTEzNjc2OTYyMDAtMjQ0MDAwMTc1My0yNTExNzU3ODc1 --token $PROJECT:vstfs:///Classification/TeamProject/e94c3371-494a-42f9-b710-07036107718a

Expected behavior allow bit 1665 should enable:

  • View builds
  • Queue builds
  • Stop builds
  • View build pipeline

Observed behaviour

  • No error
  • All permissions are still on "Not set"
  • Output after execution: ok: [localhost] => { "msg": [ "[", " {", " "acesDictionary": {", " "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-824937875-2635594309-2605119481-371782114-1-2101260142-2653084992-2491199701-4292672612": {", " "allow": 1665,", " "deny": 0,", " "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-824937875-2635594309-2605119481-371782114-1-2101260142-2653084992-2491199701-4292672612",", " "extendedInfo": {", " "effectiveAllow": 1665", " },", " "resolvedPermissions": [", " {", " "bit": 1,", " "displayName": "View builds",", " "effectivePermission": "Allow",", " "name": "ViewBuilds"", " },", " {", " "bit": 128,", " "displayName": "Queue builds",", " "effectivePermission": "Allow",", " "name": "QueueBuilds"", " },", " {", " "bit": 512,", " "displayName": "Stop builds",", " "effectivePermission": "Allow",", " "name": "StopBuilds"", " },", " {", " "bit": 1024,", " "displayName": "View build pipeline",", " "effectivePermission": "Allow",", " "name": "ViewBuildDefinition"", " }", " ]", " }", " },", " "includeExtendedInfo": true,", " "inheritPermissions": true,", " "token": "$PROJECT:vstfs:///Classification/TeamProject/9103334b-492a-4bf3-a33c-bcc655d9c5a5"", " }", "]" ] }

Additional context Tried resolution on https://github.com/Azure/azure-devops-cli-extension/issues/912, but not helping.

anthonyyeong-pru avatar Jan 26 '21 05:01 anthonyyeong-pru

Same issue here

julioarruda avatar May 06 '21 17:05 julioarruda