授予脚本Git访问单个Azure存储库的权限 [英] Giving a script Git access to a single Azure Repo

问题描述

我想通过Git轮询Azure存储库以查找更改.我帐户中的个人访问令牌会给它太多权限.

I want to poll an Azure Repo for changes with Git. A personal access token from my account would give it too much permissions.

我应该在Azure AD中创建一个新用户，以只读方式将其添加到Azure Repo并在脚本中使用它吗?还是有比创建真实用户更好的方法.

Should I create a new user in Azure AD, add it to Azure Repo with read only and use it in the script? Or is there a better way than creating real users.

推荐答案

如果要允许git脚本仅访问一个特定的Azure存储库.恐怕您需要创建一个新用户作为服务帐户.

If you want to allow your git script to only access one specific Azure Repo. I'm afraid you will need to create a new user as a service account.

创建服务帐户并将其添加到您的azure devops组织之后.您可以在项目设置页面中将其访问权限设置为仅一个回购.见下文:

After the service account is created and added to your azure devops organization. You can set its access permission to only one repo in the project settings page. See below:

• 首先拒绝访问所有存储库.

项目设置-->单击 Git存储库-> 搜索以获取服务帐户-> 拒绝读取许可

Project settings-->Click Git repositories-->Search for the service account-->Deny Read permission

• 然后允许对该特定存储库具有读取"权限.

项目设置 s-> 选择您要允许其读取权限的存储库-> 搜索以获取服务帐户->允许阅读权限

Project settings-->Select the repository you want allow the read permission-->Search for the service account-->Allow Read permission

从该服务帐户生成的PAT只能访问该特定存储库.

The PAT generated from this service account will only have the access to that specific repo.

这篇关于授予脚本Git访问单个Azure存储库的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！