| layout | page_title | description |
|---|---|---|
azuredevops |
AzureDevops: azuredevops_area_permissions |
Manages permissions for a AzureDevOps Area (Component) |
Manages permissions for an Area (Component)
~> Note Permissions can be assigned to group principals and not to single user principals.
Permission for Areas within Azure DevOps can be applied on two different levels.
Those levels are reflected by specifying (or omitting) values for the arguments project_id and path.
resource "azuredevops_project" "project" {
name = "Sample Project"
work_item_template = "Agile"
version_control = "Git"
visibility = "private"
description = "Managed by Terraform"
}
data "azuredevops_group" "project-readers" {
project_id = azuredevops_project.project.id
name = "Readers"
}
resource "azuredevops_area_permissions" "root-permissions" {
project_id = azuredevops_project.project.id
principal = data.azuredevops_group.project-readers.id
path = "/"
permissions = {
CREATE_CHILDREN = "Deny"
GENERIC_READ = "Allow"
DELETE = "Deny"
WORK_ITEM_READ = "Allow"
}
}The following arguments are supported:
project_id- (Required) The ID of the project to assign the permissions.principal- (Required) The group principal to assign the permissions.permissions- (Required) the permissions to assign. The following permissions are available.path- (Optional) The name of the branch to assign the permissions.replace- (Optional) Replace (true) or merge (false) the permissions. Default:true.
| Permission | Description |
|---|---|
| GENERIC_READ | View permissions for this node |
| GENERIC_WRITE | Edit this node |
| CREATE_CHILDREN | Create child nodes |
| DELETE | Delete this node |
| WORK_ITEM_READ | View work items in this node |
| WORK_ITEM_WRITE | Edit work items in this node |
| MANAGE_TEST_PLANS | Manage test plans |
| MANAGE_TEST_SUITES | Manage test suites |
The resource does not support import.
- Project & Team: vso.security_manage - Grants the ability to read, write, and manage security permissions.