授予脚本Git访问单个Azure存储库的权限 [英] Giving a script Git access to a single Azure Repo
问题描述
我想通过Git轮询Azure存储库以查找更改.我帐户中的个人访问令牌会给它太多权限.
I want to poll an Azure Repo for changes with Git. A personal access token from my account would give it too much permissions.
我应该在Azure AD中创建一个新用户,以只读方式将其添加到Azure Repo并在脚本中使用它吗?还是有比创建真实用户更好的方法.
Should I create a new user in Azure AD, add it to Azure Repo with read only and use it in the script? Or is there a better way than creating real users.
推荐答案
如果要允许git脚本仅访问一个特定的Azure存储库.恐怕您需要创建一个新用户作为服务帐户.
If you want to allow your git script to only access one specific Azure Repo. I'm afraid you will need to create a new user as a service account.
创建服务帐户并将其添加到您的azure devops组织之后.您可以在项目设置页面中将其访问权限设置为仅一个回购.见下文:
After the service account is created and added to your azure devops organization. You can set its access permission to only one repo in the project settings page. See below:
- 首先拒绝访问所有存储库.
项目设置-->单击 Git存储库-> 搜索以获取服务帐户-> 拒绝读取强>许可
Project settings-->Click Git repositories-->Search for the service account-->Deny Read permission
- 然后允许对该特定存储库具有读取"权限.
项目设置 s-> 选择您要允许其读取权限的存储库-> 搜索以获取服务帐户->允许阅读权限
Project settings-->Select the repository you want allow the read permission-->Search for the service account-->Allow Read permission
从该服务帐户生成的PAT只能访问该特定存储库.
The PAT generated from this service account will only have the access to that specific repo.
这篇关于授予脚本Git访问单个Azure存储库的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!