Manage Advanced Security permissions
GitHub Advanced Security for Azure DevOps includes extra permissions for more levels of control around Advanced Security results and management. There are three new permissions added through Advanced Security: read alerts, dismiss and manage alerts, and manage settings.
GitHub Advanced Security for Azure DevOps works with Azure Repos. To use GitHub Advanced Security with GitHub repositories, see GitHub Advanced Security.
Prerequisites
| Category | Requirements |
|---|---|
| Permissions | - To view a summary of all alerts for a repository: Contributor permissions for the repository. - To dismiss alerts in Advanced Security: Project administrator permissions. - To manage permissions in Advanced Security: Member of the Project Collection Administrators group or Advanced Security: manage settings permission set to Allow. |
For more information about Advanced Security permissions, see Manage Advanced Security permissions.
Default permissions and access levels
- Advanced Security: Read alerts grants permission to view security alerts for the repository.
- Advanced Security: Manage and dismiss alerts grants permission to dismiss alerts for the repository.
- Advanced Security: Manage settings grants permission to enable Advanced Security, which is a billable action.
| Azure DevOps group | Default permissions |
|---|---|
| Contributors | Advanced Security: Read alerts |
| Project administrator | Advanced Security: Read alerts, manage and dismiss alerts |
| Project collection administrator | Advanced Security: Read alerts, manage and dismiss alerts, manage settings |
Manage Advanced Security permissions
If you're running into an error when viewing Advanced Security alerts, you can adjust individual permissions for your repository.
If the dropdowns are disabled, contact your administrator for the necessary permissions.
To adjust permissions for a specific repository, do the following steps:
Select Project settings > Repositories.
Select the specific repository you wish to adjust permissions for.
Select Security.
Select the security group you wish to adjust permissions for.
Change a permission. When successful, a checkmark displays next to the selected permission.
Use personal access tokens (PATs)
Important
We recommend using Microsoft Entra tokens. For more information about our efforts to reduce PAT usage, see our blog. Review our authentication guidance to choose the appropriate authentication mechanism for your needs.
You can use a personal access token to use the Advanced Security APIs. For more information about PATs on Azure DevOps and how to create them, see About PATs.
Advanced Security offers three extra scopes for a PAT: read, read and write, and read, write, and manage.
