Security

TFS 2017 | TFS 2015 | TFS 2013

Note

Looking for REST APIS that support TFS 2018 or later versions? See the Azure DevOps REST API Reference.

api-version = 1.0

Data stored in security namespaces are used to determine whether an user has permissions to perform a specific action on a specific resource.

Typically, each family of resources (work items, Git repositories, etc.) is secured using a different namespace. Each security namespace contains zero or more access control lists. Each access control list contains a token, an inherit flag and a set of zero or more access control entries. Each access control entry contains an identity descriptor, an allowed permissions bitmask and an denied permissions bitmask.

• Security Namespaces
• Access Control Lists (ACLs)
• Access Control Entries (ACEs)
• Permissions
• Tokens

Common tasks

Get security namespaces

Get a list of security namespaces.

Change the inherit flag for a token

Set the inherit flag for an access control list.

Get, add, and remove access control lists

1. Get a list of access control lists in a security namespace.
2. Add a list of access control lists to a security namespace.
3. Remove a list of access control lists from a security namespace.

Add and remove access control entries

1. Add a list of access control entries to an access control list.
2. Remove a list of access control entries from an access control list.

Evaluate effective permissions

Determine if an identity has the requested permissions on a token or a list of tokens.

Selectively remove permissions

Remove permissions from an access control entry.