Get the permissions of users with respect to the repositories via the API of ADO

How to get the permissions of users for the repositories via the API of Azure DevOps?

I can use the following PowerShell script to download the Permissions Report of the repos in the project.

1. Use the Repositories - List REST API to get the repo id (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) of each repo.
2. Use the Permissions Report - Create to create a permission report of the repo.
3. Use the Permissions Report - Get to check the status of the permission report.
4. When the permission report is reportStatus is completedSuccessfully, download the permission report with the Permissions Report Download - Download.

Sample PowerShell script :

# Replace the value with your actual values
$organizationUrl = "https://dev.azure.com/organizationname"
$personalAccessToken = ""
$projectName = "projectname"

# API endpoint for getting repositories
$reposUrl = "$organizationUrl/$projectName/_apis/git/repositories?api-version=6.0"

# Create a session with PAT
$headers = @{
    Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($personalAccessToken)"))
}

try {
    # Get repositories
    $reposData = Invoke-RestMethod -Uri $reposUrl -Headers $headers -Method Get
} catch {
    Write-Host "Error getting repositories: $_"
    exit
}

# List repositories
foreach ($repo in $reposData.value) {
    Write-Host "-----------------------------------"
    Write-Host $repo.name 

    $repoid =$repo.id
    $reponame =$repo.name

    # Define API URL
    $permissionsCreateApiUrl = "$organizationUrl/_apis/permissionsreport?api-version=7.1-preview.1"

    # Create permissions report
    $body = @{
        "descriptors" = @()  # List of groups and users to fetch permissions on. An empty list will fetch all groups and users in the organization.
        "reportName" = "Permission report $reponame"  # Name of the report to create, make it unique
        "resources" = @(
            @{
                "resourceId" = "$repoid"
                "resourceType" = "repo"
            }
        )
    } | ConvertTo-Json

    try {
        $permissionsCreateResponse = Invoke-RestMethod -Uri $permissionsCreateApiUrl -Headers $headers -Method Post -Body $body -ContentType "application/json"
    } catch {
        Write-Host "Error creating permissions report: $_"
    }

    # Print report link
    $reportLink = $permissionsCreateResponse._Link.href 
    $reportLinkAPI="$($reportLink)?api-version=7.2-preview.1"

    Start-Sleep -Seconds 5

    # Use Invoke-RestMethod to get the report status
    do {
        $ReportStatuResponse = Invoke-RestMethod -Uri $reportLinkAPI -Headers $headers -Method Get

        if ($ReportStatuResponse.reportStatus -ne "completedSuccessfully") {
            Write-Host "Report not completed yet, retrying in 10 seconds..."
            Start-Sleep -Seconds 10
        }
    } while ($ReportStatuResponse.reportStatus -ne "completedSuccessfully")

    $DownloadreportApi="$($reportLink)/download?api-version=7.2-preview.1"

    $filename ="Permission report for repository $reponame.json"

    #change the path to your path
    $PATH="C:\Users\username\Desktop\New folder\"+$filename  


    # Use Invoke-RestMethod to download the report
    try {
        Invoke-RestMethod -Uri $DownloadreportApi -Headers $headers -Method Get -OutFile $PATH
        Write-Host "The $filename is downloaded"

    } catch {
        Write-Host "Error downloading report: $_"
    }
}

Test result: The permission reports are downloaded.

Note: During my test, I created too many reports in a short time pried, so at last my request was blocked due to Rate limits.