- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2023 08:43 PM
@pgruetter :
To enable a service principal to access a specific Azure DevOps repository, you need to grant it the necessary permissions at both the organization and repository levels.
Here are the steps to grant the service principal the necessary permissions:
- Navigate to your Azure DevOps organization and select the project that contains the repository you want to grant access to.
- Select the "Settings" menu and then "Permissions" under "Repositories".
- Select the repository you want to grant access to.
- Click "Add" to add a new user or group.
- In the "Add users and groups" dialog, search for the name of the service principal that you want to grant access to the repository.
- In the "Assign permissions" dialog, select the appropriate permission level for the service principal. You may want to start with "Read" access and then grant additional permissions as needed.
- Click "Add" to save the changes.
After you've granted the necessary permissions to the service principal at the repository level, you'll also need to make sure that it has the necessary permissions to access the code in the repository. You can do this by adding the service principal's credentials to the notebook task's Git repository connection.
Here's how to add the service principal's credentials:
- In the Azure portal, navigate to the resource group that contains the Azure DevOps project.
- Select the Azure DevOps project resource.
- In the "Overview" tab, select "Service connections".
- Select the connection for the Git repository that the notebook task is using.
- Click "Edit" to edit the connection.
- In the "Edit service connection" dialog, select "Service principal (manual)" as the authentication method.
- Enter the service principal's client ID and client secret.
- Click "Save" to save the changes.
After you've granted the necessary permissions and added the service principal's credentials, you should be able to run the notebook task with the service principal as the owner without encountering the "PERMISSION_DENIED" error.