How to grant permissions to call Azure DevOps REST API using System.AccessToken?
I want to call the Azure DevOps REST API's Test Suites - Create endpoint from an Azure DevOps Release pipeline.
I am doing this from a PowerShell task and I am using System.AccessToken. When I try to create a test suite, I receive the following response:
"message": "You do not have the appropriate permissions to manage test suites under this area path.",
"typeName": "Microsoft.TeamFoundation.TestManagement.WebApi.AccessDeniedException, Microsoft.TeamFoundation.TestManagement.WebApi",
"typeKey": "AccessDeniedException",
Does anybody know what permissions need to be granted in Azure DevOps?
Notes:
- Yes, I have enabled the OAuth token in my agent job.
- Yes, I have granted the Build Service permissions, but it doesn't seem to help. There doesn't seem to be a specific permission for managing test suites anywhere.
- Yes, I have tried other endpoints (GET, for example) and they work. I just can't create test suites.
When you try to create a test suite, it actually will create the Test Suite to the specified or default area path.
To create test suites on an area path, as the error message has stated, the users/identities must has the "Manage test suites" permission on the area path.
For you case, if you want to use the System.AccessToken as the authorization token to call the REST API "Test Suites - Create" in pipelines, you can set the permissions like below:
Go to "Project Settings" > "Project configuration" > "Areas", on the menu item of the area path (or its parent path) which you want to create work items to, select Security to open the Security hub of the area path.
On the Security hub, search for the following two identities and ensure the permission "
Manage test suites" is set to "Allow" for them. See "Job access tokens".Project Collection Build Service ({Organization Name}){Project Name} Build Service ({Organization Name})
After above steps, you can use the System.AccessToken as the authorization token to call the REST API in pipelines.
- Azure Devops yml pipeline if else condition with variables
- Task AzureStaticWebApp@0 'could not detect this directory' but its presented
- Azure DevOps API Authentication
- Not able to create a release workitem using CreateWorkItem@2 task
- How run a azure container job under a specific user in the container
- How to add a pull request check for a different repo's pipeline
- Failed to load “tfplan” as a plan file
- Trying to make pipeline more flexible
- UsePythonVersion0 error in self hosted runner on windows
- Running Code in Azure Repo from Azure Data Factory
- Azure Devops nuget artifact feed and docker
- Child module CCReport43F6D5EF not found when using azure pipelines task Maven@4
- Extract Files : Unsupported Method : arm64\libSkiaSharp.dll
- Azure DevOps Error 401 Account not authorized to view this page
- Generated Aspire Test Throws SSL Exception During Azure DevOps Tests
- Display agents API ADO with SystemCapabilities filter
- Azure devops variables are not updating
- Mapping ProgramData in Docker Windows
- Azure DevOps Pipeline Throwing Error with Terraform While Deploying to Azure
- Can I Use Deployment Pools in Yaml?
- How can we make a Work Item Creator automatically a Follower?
- Cannot close code review response work items in Visual Studio or DevOps
- Azure DevOps: User lacks permission to complete this action. You need to have 'AddPackage'
- error: invalid source release: 17 on Azure DevOps but not on localhost
- YML How to specify python 3.10
- Suddendly error in CI CD Azure Data Factory and AzureDevOps
- How properly run and use Docker in Azure Devops Pipelines?
- Azure App Service: Cant resolve SCM domain from behind Azure Front Door
- How to transfer Azure DevOps License from one organization to another?
- Using Webhook URL in Azure Pipeline to send Microsoft Teams Notification