azure-devopsazure-pipelinesazure-pipelines-release-pipelineazure-pipelines-release-task

Azure DevOps Pipeline - Service Connection Permission


Assuming an Azure DevOps pipeline has been authorized to use a service connection. If the user that is running the pipeline does NOT have permission on the same service connection, will he/she be able to run the pipeline still? Just want to see which takes precedence.

Thanks


Solution

  • The pipeline use the service connection via pipeline service account instead of personal account. Assuming an Azure DevOps pipeline has been authorized to use a service connection. If the user that is running the pipeline does NOT have permission on the same service connection, He can still run the pipeline

    Test A

    I create a service connection via account A->open service connection->add yaml build in the Pipeline permissions->run the yaml build via account B, it works.

    Result:

    enter image description here

    Test B

    If I remove the yaml build in the pipeline permission and run the build, it need to permit the permission

    Result:

    enter image description here