Project-scoped feeds

TFS 2018

When creating a new Azure Artifacts feed, you can choose to scope your feed to your project or your organization depending on your needs. Feeds that are created through the web interface are project-scoped by default.

Create a new feed

  1. Navigate to Build & Release, and then select Packages.

    A screenshot showing how to navigate to feeds in TFS.

  2. Select the dropdown menu, and then select New feed.

    A screenshot showing how to create a new feed in TFS.

  3. Give your feed a Name, a Description, and then select who can read and contribute to your feed. Select Include external packages if you want to use packages from public registries.

  4. Select Create when you're done.

    A screenshot showing how to set up a new feed in TFS.

Note

Organization-scoped feeds cannot be converted into project-scoped feeds.

Project-scoped vs organization-scoped feeds

A project-scoped feed is scoped to a project instead of an organization. Here are the main differences between the two types of feeds:

  1. Visibility:

    • Project-scoped feeds inherit the visibility of the project.
    • Organization-scoped feeds are always private by default.
  2. Links:

    • The URL of a project-scoped feed includes the project.

      • Example: https://pkgs.dev.azure.com/<ORG_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/nuget/v3/index.json
    • The URL of an organization-scoped feed doesn't include a project.

      • Example: https://pkgs.dev.azure.com/<ORG_NAME>/_packaging/<FEED_NAME>/nuget/v3/index.json
  3. User interface:

    • All organization-scoped feeds are available from the feeds' dropdown menu. To see a project-scoped feed in the list of feeds, you have to navigate to the project hosting that feed.
  4. Connection:

    • When connecting to a private project-scoped feed from an Azure DevOps pipeline that is in the same organization but in a different project, the project that the feed is scoped to must allow access to the other project's build service. The build service must also be separately added to the feed permissions, regardless of the scope of the feed. See Package permissions for more details.
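The URL difference described under Links can be used to audit which package sources in a nuget.config are project-scoped and therefore inherit their project's visibility. The following is an added example, not part of the original documentation; it handles only the pkgs.dev.azure.com NuGet v3 URL shape shown above, and the organization, project and feed names in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Matches the two URL shapes shown above; the optional middle segment is the project.
FEED_URL = re.compile(
    r"^https://pkgs\.dev\.azure\.com/(?P<org>[^/]+)/(?:(?P<project>[^/]+)/)?"
    r"_packaging/(?P<feed>[^/]+)/nuget/v3/index\.json$"
)

# Constructed sample nuget.config; organization, project and feed names are made up.
SAMPLE_CONFIG = """<configuration>
  <packageSources>
    <add key="team" value="https://pkgs.dev.azure.com/contoso/Payments/_packaging/team-feed/nuget/v3/index.json" />
    <add key="shared" value="https://pkgs.dev.azure.com/contoso/_packaging/shared-feed/nuget/v3/index.json" />
    <add key="public" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>"""


def classify_feed(url):
    """Return scope details for an Azure Artifacts NuGet v3 URL, or None if it is not one."""
    m = FEED_URL.match(url.strip())
    if m is None:
        return None
    info = m.groupdict()
    # A project segment before _packaging means the feed is project-scoped.
    info["scope"] = "project" if info["project"] else "organization"
    return info


def audit_sources(config_xml):
    """Map each package source key in a nuget.config to a scope label."""
    report = {}
    for add in ET.fromstring(config_xml).iterfind("./packageSources/add"):
        info = classify_feed(add.get("value", ""))
        report[add.get("key")] = info["scope"] if info else "external"
    return report


if __name__ == "__main__":
    for key, scope in audit_sources(SAMPLE_CONFIG).items():
        note = " (visibility follows the project)" if scope == "project" else ""
        print(f"{key}: {scope}{note}")
```

Sources reported as "project" are the ones to review when a project's visibility changes, since the feed's visibility changes with it.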

Security policies

If you want to add an extra layer of security to your project-scoped feed and protect your feed's visibility, you can disable the Allow public projects policy from the Organization Policy Settings.

Alternatively, you can use the Create Feed API to manually create a new organization-scoped feed. You will have to set the default permissions for the new feed manually either by using the Feed Permission API or the Artifacts feed settings.

Important

If a user has permissions to access a specific view, and they don't have permissions to the feed, they will still be able to access and download packages through that view.
If you want to completely hide your packages, you must restrict access to both the feed and the view. See Feeds and views permissions for more details.

Q&A

Q: How can I share packages with all users in my organization?

A: If you want to make certain packages in your feed available to all users in your organization, create or select a view that contains the packages you want to share and ensure its visibility is set to People in my organization.

Q: How do I access a project-scoped feed in another project using Azure Pipelines?

A: For a pipeline to access a project-scoped feed in a different project, you must grant the pipeline access to both the project where the feed is scoped and the feed itself.

  • Project setup: navigate to the project hosting the feed, select Project settings > Permissions and then add your pipeline's project build service to the Contributors group or any other suitable group that provides contributor access to its users.

  • Feed setup: Navigate to the feed you want to access, select Settings > Feed permissions and then add your project build service as a Collaborator. Your Project build service identity is displayed in the following format: [Project name] Build Service ([Organization name]) (e.g. FabrikamFiber Build Service (codesharing-demo))

Q: Why is my pipeline failing when I try to download a pipeline artifact from another project?

A: If you want to download a pipeline artifact from another project within the same organization, make sure that the following permissions are set for both your downstream project and the pipeline generating the artifact:

On the pipeline generating the artifact (downstream project): select the ellipsis for more options > Manage security > search for your upstream project's build service and allow the following: Update build information, View build pipeline, and View builds.

On the downstream project: Project Settings > Permissions > Users > search for your upstream project's name and then select Expand search > select your upstream project's build service and allow the following: View project-level information.