Share via


az devops security group

Note

This reference is part of the azure-devops extension for the Azure CLI (version 2.30.0 or higher). The extension will automatically install the first time you run an az devops security group command. Learn more about extensions.

Manage security groups.

Commands

Name Description Type Status
az devops security group create

Create a new Azure DevOps group.

Extension GA
az devops security group delete

Delete an Azure DevOps group.

Extension GA
az devops security group list

List all the groups in a project or organization.

Extension GA
az devops security group membership

Manage memberships for security groups.

Extension GA
az devops security group membership add

Add membership.

Extension GA
az devops security group membership list

List memberships for a group or user.

Extension GA
az devops security group membership remove

Remove membership.

Extension GA
az devops security group show

Show group details.

Extension GA
az devops security group update

Update name AND/OR description for an Azure DevOps group.

Extension GA

az devops security group create

Create a new Azure DevOps group.

az devops security group create [--description]
                                [--detect {false, true}]
                                [--email-id]
                                [--groups]
                                [--name]
                                [--org]
                                [--origin-id]
                                [--project]
                                [--scope {organization, project}]

Examples

Create an Azure DevOps Group with name and description

az devops security group create --name 'Some group name'
--description 'Something to describe this group'

Add an existing AAD group to an Azure DevOps group

Get object ID of an existing AAD group
az ad group show -g '{Group Name}'
az devops security group create --origin-id '{Object ID}' --groups 'vssgp.someDescriptorForGroup'

Add an existing AAD group to an Azure DevOps group with AAD group Email ID

az devops security group create --email-id '{Email ID of AAD group}'
--groups 'vssgp.someDescriptorForGroup'

Create a new Azure DevOps group and add it to existing Azure DevOps groups.

az devops security group create --name 'Some group name'
--groups 'vssgp.someDescriptorForGroupOne,vssgp.someDescriptorForGroupTwo'

Optional Parameters

--description

Description of Azure DevOps group.

--detect

Automatically detect organization.

Accepted values: false, true
--email-id

Create new group using the mail address as a reference to an existing group from an external AD or AAD backed provider. Required if name or origin-id is missing.

--groups

A comma separated list of descriptors referencing groups you want the newly created group to join.

--name

Name of Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--origin-id

Create new group using the OriginID as a reference to an existing group from an external AD or AAD backed provider. Required if name or email-id is missing.

--project -p

Name or ID of the project in which Azure DevOps group should be created.

--scope

Create group at project or organization level.

Accepted values: organization, project
Default value: project
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az devops security group delete

Delete an Azure DevOps group.

az devops security group delete --id
                                [--detect {false, true}]
                                [--org]
                                [--yes]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

Accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az devops security group list

List all the groups in a project or organization.

az devops security group list [--continuation-token]
                              [--detect {false, true}]
                              [--org]
                              [--project]
                              [--scope {organization, project}]
                              [--subject-types]

Optional Parameters

--continuation-token

If there are more results that can't be returned in a single page, the result set will contain a continuation token for retrieval of the next set of results.

--detect

Automatically detect organization.

Accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--project -p

List groups for a particular project.

--scope

List groups at project or organization level.

Accepted values: organization, project
Default value: project
--subject-types

A comma separated list of user subject subtypes to reduce the retrieved results. You can give initial part of descriptor [before the dot] as a filter e.g. vssgp,aadgp.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az devops security group show

Show group details.

az devops security group show --id
                              [--detect {false, true}]
                              [--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

Accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az devops security group update

Update name AND/OR description for an Azure DevOps group.

az devops security group update --id
                                [--description]
                                [--detect {false, true}]
                                [--name]
                                [--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--description

New description for Azure DevOps group.

--detect

Automatically detect organization.

Accepted values: false, true
--name

New name for Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.