My "Edit Build Pipeline" Permissions in Azure DevOps are set to Deny but I can still edit the YAML file in both classic/repo?
I have a build pipeline permissions question in Azure DevOps.
I have selected "deny" for "edit build pipeline" which Microsoft docs describes as: "Can create pipelines and save any changes to a build pipeline, including configuration variables, triggers, repositories, and retention policy."
However, I can still edit and save changes (like triggers) to the build pipeline by going to Pipelines > selecting the Pipeline > View (making changes) > Save.
I am in a security group that is denied all Build permissions at top level, and only granted view, view build pipeline, stop and queue for this pipeline.
How can I make it so I can see the pipeline and run it but not be able to edit it / save any changes to it?
Since the YAML files are stored as the source files in the corresponding Git repository, if you have the permissions to edit the source files in the repository, you can edit the YAML files. It is not affected by the "Edit build pipeline" option.
For the YAML pipeline, the "Edit build pipeline" option is affecting the options on the UI settings page.
