ADOpowershell

Collection of utilities for security group management in Azure DevOps to update permissions on a security group, find members linked to a security group, create a new security group and assign members and generate a project level report for security group membership.

UpdateSGPermission πŸ”‘

Updates permissions on given security group

Requirements: Azure CLI with Azure DevOps extension

1 – get security group descriptor id
2 – parse permission namespaces in org e.g. Release Management, Build, Git Repositories, etc
3 – identify permission setting to flip e.g. Build: 2048 edit pipeline, 4096 delete pipeline or Release: 2 edit release pipeline, 4 delete release pipeline
4 – update the target permission on the target subject where --allow-bit/--deny-bit could be a single permission bit or use addition of multiple permission bits

Security tokens in Azure DevOps
Manage security permissions in Azure DevOps
az devops security permission
Install Azure CLI

Get Target SG Members 🎯

Aggregates members associated to a given security group

Requirements: Azure CLI with Azure DevOps extension

1 - get list of members to migrate e.g. contributors in target project
2 - create new security group and add these member to it
3 - remove membership from previous group e.g. contributors

About security and identity in Azure DevOps
Install Azure CLI

Create SG Add member to SG 🦺

Create a new security group and add members or add members to a existing security group

Requirements: Azure CLI with Azure DevOps extension

Add and manage security groups in Azure DevOps
Create a custom security group in Azure DevOps
Install Azure CLI

Export ADO Project User Settings for Multiple Projects πŸ“œ

Generates HTML report for security group membership per project

Requirements: PAT token with Graph as β€œRead” and Member Entitlement Management as β€œRead”

PAT authentication