是否通过Azure CLI更新EventSubscription的Azure DevOps组的权限? [英] Update permissions for Azure DevOps group for EventSubscription through Azure CLI?

问题描述

我一直通过Azure CLI(az devops版本0.11.0)向自定义Azure DevOps Services组添加权限，并且通常能够执行以下操作:

I've been adding permissions to a custom Azure DevOps Services group through the Azure CLI (az devops version 0.11.0) and I've usually been able to do the following:

1. az devops安全权限名称空间列表，找到特定名称空间(例如EventSubscription)的namespaceId
2. 获取项目管理员的描述符
3. az devops安全权限列表--id $ namespaceId --subject $ projectAdmin.descriptor ...
4. 在ACES词典中找到一个允许位，找到相应的令牌
5. az使用新令牌开发安全权限 ...

1. az devops security permission namespace list, find namespaceId of specific namespace (like EventSubscription)
2. Get the Project Admin's descriptor
3. az devops security permission list --id $namespaceId --subject $projectAdmin.descriptor...
4. Find an allow bit in the ACES dictionary, find the respective token
5. az devops security permission update... with the new token

但是，当我为EventSubscription命名空间运行安全权限列表时，对于项目admins组，它以空JSON返回，因此我找不到该令牌.我已经尝试过"$ SUBSCRIPTION"，因为它看起来像TFS 2010用户使用的那样，但这是行不通的.

But when I run security permission list for the EventSubscription namespace, it returns with empty JSON for the project admins group so I can't find the token. I've tried "$SUBSCRIPTION" as it looked like what a TFS 2010 user used, but that doesn't work.

问题:

1. 如何在项目管理员组中列出EventSubscription命名空间的令牌?我试图看一下tfssecurity是否可以解决任何问题，但是没有用.还尝试使用Fiddler来查看是否可以找到令牌，但也找不到任何令牌.不能在用户界面上使用Fiddler.

1. How can I list tokens on the project admins group for the EventSubscription namespace? I tried to see if tfssecurity would pull anything up, but didn't work. Also tried using Fiddler to see if it would find a token but also nothing. Can't use Fiddler with the UI.

或者我为Azure DevOps使用什么令牌来更新组的EventSubscription权限?

Or what token do I use for Azure DevOps to update the EventSubscription permission for a group?

推荐答案

我使用 EventSubscription 命名空间ID和 project admins group 描述符作为 subject 参数，并获得与您相同的结果.

I tested with EventSubscription namespace id and project admins group descriptor as subject parameters and got the same result as you.

$env:AZURE_DEVOPS_EXT_PAT = 'ckdhd6wuma5uw2h35dv37pgdum5eyjviqneineixxxxx'

$output = az devops security permission namespace list | ConvertTo-Json -Depth 100

#get descriptor
$output2 = az devops security group list --scope project | ConvertTo-Json -Depth 100

#eventSubscription namespaceId: 58b176e7-3411-457a-89d0-c6xxx/ Project namespaceId:52d39943-cb85-4d7f-8fa8-c6xxx
$output3 = az devops security permission list --namespace-id 58b176e7-3411-457a-89d0-c6xxxx --subject vssgp.Uy0xLTktMTU1MTM3NDI0NS00MjQ3MDQ2OTMyLTI2ODA1Nzg2MjktMjkxMzgyMjE4MC0yNDQ0MjYxxxxx | ConvertTo-Json -Depth 100

Write-Host $output3

但是当我使用 Project 名称空间ID和 project admins组描述符进行测试时，我可以正常获取令牌.

But when I tested with Project namespace id and project admins group descriptor, I can get the token normally.

因此，我认为 EventSubscription 命名空间与 project admins组描述符之间的关联可能存在问题.您可以在用户界面中共享相应的操作吗?这将帮助我进一步调查.

So I think this could be a problem with the association between the EventSubscription namespace and the project admins group descriptor. Can you share the corresponding operation in the UI? This will help me investigate further.

这篇关于是否通过Azure CLI更新EventSubscription的Azure DevOps组的权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！