Advanced Security permissions
GitHub Advanced Security for Azure DevOps includes extra permissions for more levels of control around Advanced Security results and management. There are three new permissions added through Advanced Security: read alerts, dismiss and manage alerts, and manage settings.
GitHub Advanced Security for Azure DevOps works with Azure Repos. If you want to use GitHub Advanced Security with GitHub repositories, see GitHub Advanced Security.
Default permissions and access levels
- Advanced Security: read alerts grants permission to view security alerts for the repository.
- Advanced Security: manage and dismiss alerts grants permission to dismiss alerts for the repository.
- Advanced Security: manage settings grants permission to enable Advanced Security, which is a billable action.
| Azure DevOps group | Default permissions |
|---|---|
| Contributors | Advanced Security: read alerts |
| Project administrator | Advanced Security: read alerts, manage and dismiss alerts |
| Project collection administrator | Advanced Security: read alerts, manage and dismiss alerts, manage settings |
Manage Advanced Security permissions
If you're a project collection admin for your organization or otherwise have the Advanced Security: manage settings permission, you can manage all other Advanced Security permissions.
If you're running into an error when viewing Advanced Security alerts, you can adjust individual permissions for your repository.
If the dropdowns are disabled, contact your administrator for the necessary permissions.
To adjust permissions for a specific repository:
- Go to Project Settings > Repositories.
- Select the specific repository you wish to adjust permissions for.
- Select Security.
- Select the security group you wish to adjust permissions for.
- Select the permission bit to change. If successful, a green checkmark appears next to the selected permission.
Use personal access tokens (PATs)
You can use a personal access token to use the Advanced Security APIs. For more information about PATs on Azure DevOps and how to create them, refer to About PATs.
Advanced Security offers three extra scopes for a PAT: read, read and write, and read, write, and manage.
