Search code examples
azure-devopsmicrosoft-graph-apipower-automate

API request Azure DevOps, add group to a new project with automate flow

My flow gives me a 401 error:

The user is not authorized to access this resource.

Do you have an idea about the problem?

I am currently trying to add an administrator group and a contributor group to the project that I created via the flow via an automaton flow. To do this I retrieve the id of my project, then the id of my group via:

-> GET https://vssps.dev.azure.com/{organization}/_apis/graph/groups/{groupDescriptor}?api-version =6.0-preview.1

with the groupDescriptor filled, then I take the origin id to then make this request to add a group:

-> PATCH https://vsaex.dev.azure.com/{organization}/_apis/groupentitlements/{groupId}?api- version=7.1-preview.1 with this request body:

[ 
  {
    "from": "",
    "op": "add",
    "path": "/projectEntitlements",
    "value": {
      "projectRef": {
        "id": ""
      },
      "group": {
        "groupType": "ProjectContributor"
      }
    }
  } 
]
Solution

  • The Group Entitlements rest api is used to manage Group Licensing Rules, not a common group from your 1st rest api.

    enter image description here

    To add the group as project administrator or contributor, you can use rest api Memberships - Add.

    PUT https://vssps.dev.azure.com/{organization}/_apis/graph/memberships/{subjectDescriptor}/{containerDescriptor}?api-version=7.1-preview.1

    subjectDescriptor is the target descriptor from your 1st rest api. enter image description here

    containerDescriptor is the Contributor or Administrator group in the project.

    enter image description here

    enter image description here

    enter image description here