Menu
I'm trying to set permissions using ACL with project permission namespace. In the request bodyInfo, I am passing '16' for allow so that I will allow Administer Build (16) permission for the group but nothing happens.
$securityNamespaceId = "52d39943-cb85-4d7f-8fa8-c6baac873819"
$groupDesc = "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-3474010476-3658975049-2966243200-2961816057-1-3769221364-1224424009-2749800435-4143997070"
$projectId = "12313142-eec0-4c3d-b9b5-44d0c3973b3e"
$token = "`$PROJECT:vstfs:///Classification/TeamProject/$($projectId)"
$allowMask = 16
$denyMask = 0
$bodyInfo = @"
{
"token": "$Token",
"merge": false,
"accessControlEntries": [
{
"descriptor": "$groupDesc",
"allow": $AllowMask,
"deny": $DenyMask,
"extendedinfo": {}
}
]
}
"@
$uri = "https://dev.azure.com/{organization}/_apis/accesscontrolentries/52d39943-cb85-4d7f-8fa8-c6baac873819?api-version=5.0"
$result = (Invoke-RestMethod -Method Post -Uri $uri -Body $bodyInfo -Headers $headers -ContentType "application/json")
count value
1 {@{descriptor=Microsoft.TeamFoundation.Identity;S-1-9-1551374245-3474010476-3658975049-2966243200-2961816057-1-3769221364-1224424009-2749800435-4143997070; allow=16; deny=0}}
bit name displayName namespaceId
--- ---- ----------- -----------
1 GENERIC_READ View project-level information 52d39943-cb85-4d7f-8fa8-c6baac873819
2 GENERIC_WRITE Edit project-level information 52d39943-cb85-4d7f-8fa8-c6baac873819
4 DELETE Delete team project 52d39943-cb85-4d7f-8fa8-c6baac873819
8 PUBLISH_TEST_RESULTS Create test runs 52d39943-cb85-4d7f-8fa8-c6baac873819
16 ADMINISTER_BUILD Administer a build 52d39943-cb85-4d7f-8fa8-c6baac873819
32 START_BUILD Start a build 52d39943-cb85-4d7f-8fa8-c6baac873819
64 EDIT_BUILD_STATUS Edit build quality 52d39943-cb85-4d7f-8fa8-c6baac873819
128 UPDATE_BUILD Write to build operational store 52d39943-cb85-4d7f-8fa8-c6baac873819
256 DELETE_TEST_RESULTS Delete test runs 52d39943-cb85-4d7f-8fa8-c6baac873819
512 VIEW_TEST_RESULTS View test runs 52d39943-cb85-4d7f-8fa8-c6baac873819
2048 MANAGE_TEST_ENVIRONMENTS Manage test environments 52d39943-cb85-4d7f-8fa8-c6baac873819
4096 MANAGE_TEST_CONFIGURATIONS Manage test configurations 52d39943-cb85-4d7f-8fa8-c6baac873819
8192 WORK_ITEM_DELETE Delete and restore work items 52d39943-cb85-4d7f-8fa8-c6baac873819
16384 WORK_ITEM_MOVE Move work items out of this project 52d39943-cb85-4d7f-8fa8-c6baac873819
32768 WORK_ITEM_PERMANENTLY_DELETE Permanently delete work items 52d39943-cb85-4d7f-8fa8-c6baac873819
65536 RENAME Rename team project 52d39943-cb85-4d7f-8fa8-c6baac873819
131072 MANAGE_PROPERTIES Manage project properties 52d39943-cb85-4d7f-8fa8-c6baac873819
262144 MANAGE_SYSTEM_PROPERTIES Manage system project properties 52d39943-cb85-4d7f-8fa8-c6baac873819
524288 BYPASS_PROPERTY_CACHE Bypass project property cache 52d39943-cb85-4d7f-8fa8-c6baac873819
1048576 BYPASS_RULES Bypass rules on work item updates 52d39943-cb85-4d7f-8fa8-c6baac873819
2097152 SUPPRESS_NOTIFICATIONS Suppress notifications for work item updates 52d39943-cb85-4d7f-8fa8-c6baac873819
4194304 UPDATE_VISIBILITY Update project visibility 52d39943-cb85-4d7f-8fa8-c6baac873819
8388608 CHANGE_PROCESS Change process of team project. 52d39943-cb85-4d7f-8fa8-c6baac873819
16777216 AGILETOOLS_BACKLOG Agile backlog management. 52d39943-cb85-4d7f-8fa8-c6baac873819
299
asked Jan 23 '26 12:01
In your script,you want to use project-level token to modify Administer Build permission in build security. I tested it on postman and found that using project-level token to modify the build security permission, the response status was 200, but in the UI, the permissions were not actually changed.You can try to use build-level token to make changes to build security permission.
Hope this helps.
123
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
