Required permissions for Azure DevOps user, OAuth app and token
Last updated
Last updated
The user we use to integrate organizations in Xopero ONE must have the following permissions:
Create new projects: Allow
View instance-level information: Allow
Create process: Allow
Create a workspace: Allow
View build resources: Allow
The user you use to integrate Azure DevOps with Xopero ONE via OAuth must have an administrator role. Otherwise, you will receive a message about lack of permissions or you will not be able to approve the required permissions (the button will be inactive).
During integration Azure DevOps process via OAuth app (default method), you will be asked to grant the appropriate permissions to the Xopero ONE application:
Wiki (read and write)
Variable Groups (read and create)
Work items (read and write)
Project and team (read, write and manage)
Code (read, write and manage)
Build (read and execute)
Environment (read and manage)
Login and read the profile
We only support accounts that are in organizations (Microsoft Entra ID). Personal accounts are not supported. If you have a private account, use PAT.
You need:
Username (not email address)
Personal Access Token - when generating PAT it is necessary to indicate the value “All accessible organizations” in the Organization field,
Permissions:
Build: Read & execute
Code: Read, write, & manage
Environment: Read & manage
Project and Team: Read, write, & manage
Variable Groups: Read & create
Wiki: Read & write
Work Items: Read & create
With minimal privileges, some metadata may not be included during the backup process. Choose the list of necessary permissions, depending on what data you need to protect. Remember that if you grant only read permissions, it will be possible to perform a backup, but to restore them, you will have to generate a new token/password with write permissions.