circle-check
GitProtect version 2.1.0 is now available. This release introduces Jira granular backup and additional improvements.
CHANGELOGchevron-right
search
🏠︎ HOME@ WEBSITE↘ FREE TRIAL✉︎ CONTACT SUPPORT

Required permissions

Full list of permissions required for integrating Azure DevOps and Azure DevOps Server with GitProtect.

hashtag
Required permissions for Azure DevOps and Azure DevOps Server specify the access levels GitProtect needs to securely back up and restore your data.

hashtag
Permissions for Azure DevOps

hashtag
User access levels

The account used for integration must have an appropriate access level assigned within Azure DevOps:

  • Basic.

  • Visual Studio Subscriber — professional or enterprise tier.

  • GitHub Enterprise — similar to basic.

  • Stakeholder (not recommended) — this level has limited access and cannot properly protect repositories.

circle-exclamation

GitProtect can only protect projects that the integrated user account has explicit access to.

hashtag
OAuth integration

triangle-exclamation

GitProtect supports only organizational accounts (Microsoft Entra ID) — personal accounts are not supported. For private accounts, use PAT instead.

To integrate Azure DevOps with GitProtect using OAuth, make sure the account has an administrator role. Otherwise, you may encounter permission errors or find that the approval button is inactive.

When integrating Azure DevOps via OAuth, the following scopes are required:

hashtag
Installation permissions for OAuth

The ability to authorize the GitProtect OAuth application depends on your organization's User consent settings within Azure DevOps. The following options are available:

Consent policy
Authorization requirement

Allow user consent for apps from verified publishers, for selected permissions

Any user can authorize the app, provided that all requested permissions are classified as low impact by your administrator.

Do not allow user consent

Only users with the Application Administrator or Global Administrator role can authorize the integration.

Let Microsoft manage your consent settings (Recommended)

Authorization is subject to Microsoft's current security guidelines. While this currently allows for GitProtect integration, availability may change based on Microsoft's evolving policies.

hashtag
Personal Access Token (PAT) integration

hashtag
Prerequisites:

hashtag
Required scopes:

triangle-exclamation

When performing a backup with minimal permissions, some metadata might be excluded. To ensure complete protection, select the permissions based on your data protection needs. Note that with read-only permissions, backups can be made, but restoring requires a new token or password with write access.

hashtag
Granular permission settings

To ensure both backup and restore operations succeed, the following permissions are required:

  1. Organization level:

    1. General:

      1. Create new projects (restore)

    2. Boards:

      1. Create process (restore)

      2. Edit process (restore)

  2. Project level:

    1. General:

      1. View project-level information (backup)

  3. Repositories level:

    1. Create branch (restore)

    2. Create repository (restore)

    3. Read (backup)

hashtag
Permissions for Azure DevOps Server

hashtag
Personal Access Token (PAT) integration

For on-premise installations, use the personal access token (PAT) method.

hashtag
Prerequisites:

hashtag
Required scopes:

triangle-exclamation

When performing a backup with minimal permissions, some metadata might be excluded. To ensure complete protection, select the permissions based on your data protection needs. Note that with read-only permissions, backups can be made, but restoring requires a new token or password with write access.

Last updated