Required permissions for Azure DevOps user, OAuth app and token
OAuth app
The user you use to integrate Azure DevOps with GitProtect via OAuth must have an administrator role. Otherwise, you will receive a message about lack of permissions or you will not be able to approve the required permissions (the button will be inactive).
During integration Azure DevOps process via OAuth app (default method), you will be asked to grant the appropriate permissions to the GitProtect application:
Wiki (read and write)
Variable Groups (read and create)
Work items (read and write)
Project and team (read, write and manage)
Code (read, write and manage)
Build (read and execute)
Environment (read and manage)
Login and read the profile
We only support accounts that are in organizations (Microsoft Entra ID). Personal accounts are not supported. If you have a private account, use PAT.
Token
You need:
Username (not email address)
Personal Access Token - when generating PAT it is necessary to indicate the value “All accessible organizations” in the Organization field,
Permissions:
Build: Read & execute
Code: Read, write, & manage
Environment: Read & manage
Project and Team: Read, write, & manage
Variable Groups: Read & create
Wiki: Read & write
Work Items: Read & create
With minimal privileges, some metadata may not be included during the backup process. Choose the list of necessary permissions, depending on what data you need to protect. Remember that if you grant only read permissions, it will be possible to perform a backup, but to restore them, you will have to generate a new token/password with write permissions.
Last updated