We use a DevOps artifact feed to store our packed/shaded Java binaries inside a private project. Now we would like to allow access to certain artifacts for externals. We will promote these artifacts to a custom view (@public-releases) and want to allow access to this view for certain customers only (s.t. they can use it in their automation).

Is it possible to have some kind of service-account/service-principal to assign read-permissions in DevOps?

I know it the other way round (give DevOps access to Azure resources via service connections), but now I want to permit access to DevOps feeds.

How would I create such a user? We have Azure AD connected, so maybe that is an option?

markus
  • Use Azure feed upstream sources. Define your artifact feed as an upstream source to feeds that want to use your binaries. – Sanjay Choudhary Oct 18 '22 at 13:11
  • The customers don't have a DevOps instance of their own, so there is no feed we could configure to use ours as upstream. – markus Oct 19 '22 at 07:16

1 Answer

Is it possible to have some kind of service-account/service-principal to assign read-permissions in DevOps?

No, no such design.

A service principal, as an Azure Active Directory concept, cannot be managed as an account on the DevOps side (DevOps doesn't have such an account type, only internal service principals, no AAD service principals).

As you know, a service principal of AAD can manage access to services in the Azure portal. This is the usual usage. Another usage is to authenticate with Azure Active Directory (Azure AD) tokens; this approach can be used to manage PATs of DevOps, but anyway you end up needing to access the feed based on a legitimate account under the DevOps concept.

Bowman Zhu-MSFT