Provide granular permissions and groups for users in Azure Repos

Simon Maple
May 6, 2019 | in Ecosystems, DevSecOps
| By Simon Maple, Edward Thompson

The following is a best practice guideline from our series of 8 Azure Repos security best practices

DOWNLOAD THE CHEAT SHEET!

6. Provide granular permissions and groups for users in Azure Repos

Following the rule of least privilege, ensure that contributors exist in the correct groups and therefore have the necessary permissions to work. Try to restrict administrative actions where possible.

Additionally, monitor changes in the requirements of your contributors as they leave or step back from the project.


Continue reading the list of 8 Azure Repos security best practices:

  1. Never store credentials as code/config in Azure Repos
  2. Remove sensitive data in your files and Azure Repos history
  3. Tightly control access
  4. Add a SECURITY.md file
  5. Use Personal Access Tokens
  6. Provide granular permissions and groups for users
  7. Add security testing to Pull Requests
  8. Rotate SSH keys and personal access tokens

If you haven’t done so yet, make sure you download this cheat sheet now and pin it up, so your future decisions are secure decisions!

8 Azure Repos Security Best Practices