When getting Access Control Lists via the Azure DevOps API it returns a list of Access Control Entities which have fields "Allow" and "Deny".
As far as i understood from the docs, these fields contain some kind of permission bits. They look something like that: "allow": 32630, "deny": 0
.
Is it possible to somehow decode these values into a human readable format?
I am afraid that there is no out-of-box method can automatically decode the value into a human readable format.
In order to obtain information related to the permission bit, I suggest that you can use the Azure DevOps CLI to list all Permission bit in the namespace. Refer to this doc: Manage permissions with command line tool
For example:
az devops security permission namespace show --namespace-id 58450c49-b02d-465a-ab12-59ae512d6531 --output table
Then it will return all related information in the namespace:
Name Permission Description Permission Bit
------------------------ -------------------------------------------------------- ----------------
Read View analytics 1
Administer Manage analytics permissions 2
Stage Push the data to staging area 4
ExecuteUnrestrictedQuery Execute query without any restrictions on the query form 8
ReadEuii Read EUII data 16
If you want to allow/deny multiple permissions at the same time, you can add up the permission bit values.
For example: Allow Read and ReadEuii permission.
The value 1 + 16= 17 -> "allow": 17, "deny": 0
In this case, you can determine the permission bit value associated with 32630