Security Namespaces - Query

List all security namespaces or just the specified namespace.

GET https://dev.azure.com/{organization}/_apis/securitynamespaces/{securityNamespaceId}?api-version=6.0
GET https://dev.azure.com/{organization}/_apis/securitynamespaces/{securityNamespaceId}?localOnly={localOnly}&api-version=6.0

URI Parameters

Name In Required Type Description
organization
path

string

The name of the Azure DevOps organization.

securityNamespaceId
path

string

uuid

Security namespace identifier.

api-version
query True

string

Version of the API to use. This should be set to '6.0' to use this version of the api.

localOnly
query

boolean

If true, retrieve only local security namespaces.

Responses

Name Type Description
200 OK

SecurityNamespaceDescription[]

successful operation

Security

accessToken

Personal access token. Use any value for the user name and the token as the password.

Type: basic

Examples

All security namespaces
Get the specified security namespace

All security namespaces

Sample request

GET https://dev.azure.com/fabrikam/_apis/securitynamespaces?api-version=6.0

Sample response

{
  "count": 10,
  "value": [
    {
      "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866",
      "name": "Identity",
      "displayName": "Identity",
      "separatorValue": "\\",
      "elementLength": -1,
      "writePermission": 4,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "View identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Edit identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 8,
          "name": "ManageMembership",
          "displayName": "Manage group membership",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 16,
          "name": "CreateScope",
          "displayName": "Create identity scopes",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.Framework.Server.IdentitySecurityNamespaceExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f",
      "name": "WorkItemTrackingAdministration",
      "displayName": "WorkItemTrackingAdministration",
      "separatorValue": "\u0000",
      "elementLength": -1,
      "writePermission": 1,
      "readPermission": 0,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "ManagePermissions",
          "displayName": "Manage permissions",
          "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f"
        },
        {
          "bit": 2,
          "name": "DestroyAttachments",
          "displayName": "Destroy attachments",
          "namespaceId": "445d2788-c5fb-4132-bbef-09c4045ad93f"
        }
      ],
      "structureValue": 0,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba",
      "name": "DistributedTask",
      "displayName": "DistributedTask",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8,
      "readPermission": 1,
      "dataspaceCategory": "DistributedTask",
      "actions": [
        {
          "bit": 1,
          "name": "View",
          "displayName": "View",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 2,
          "name": "Manage",
          "displayName": "Manage",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 4,
          "name": "Listen",
          "displayName": "Listen",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 8,
          "name": "AdministerPermissions",
          "displayName": "Administer Permissions",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 16,
          "name": "Use",
          "displayName": "Use",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        },
        {
          "bit": 32,
          "name": "Create",
          "displayName": "Create",
          "namespaceId": "101eae8c-1709-47f9-b228-0e476c35b3ba"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.DistributedTask.Server.Extensions.TaskSecurityExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680",
      "name": "WorkItemQueryFolders",
      "displayName": "WorkItemQueryFolders",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8,
      "readPermission": 1,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 2,
          "name": "Contribute",
          "displayName": "Contribute",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 8,
          "name": "ManagePermissions",
          "displayName": "Manage Permissions",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        },
        {
          "bit": 16,
          "name": "FullControl",
          "displayName": "Full Control",
          "namespaceId": "71356614-aad7-4757-8f2c-0fb3bff6f680"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87",
      "name": "Git Repositories",
      "displayName": "Git Repositories",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 8192,
      "readPermission": 2,
      "dataspaceCategory": "Git",
      "actions": [
        {
          "bit": 1,
          "name": "Administer",
          "displayName": "Administer",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 2,
          "name": "GenericRead",
          "displayName": "Read",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 4,
          "name": "GenericContribute",
          "displayName": "Contribute",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 8,
          "name": "ForcePush",
          "displayName": "Force push (rewrite history and delete branches)",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 16,
          "name": "CreateBranch",
          "displayName": "Create branch",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 32,
          "name": "CreateTag",
          "displayName": "Create tag",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 64,
          "name": "ManageNote",
          "displayName": "Manage notes",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 128,
          "name": "PolicyExempt",
          "displayName": "Bypass policies when pushing",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 256,
          "name": "CreateRepository",
          "displayName": "Create repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 512,
          "name": "DeleteRepository",
          "displayName": "Delete repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 1024,
          "name": "RenameRepository",
          "displayName": "Rename repository",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 2048,
          "name": "EditPolicies",
          "displayName": "Edit policies",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 4096,
          "name": "RemoveOthersLocks",
          "displayName": "Remove others' locks",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 8192,
          "name": "ManagePermissions",
          "displayName": "Manage permissions",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 16384,
          "name": "PullRequestContribute",
          "displayName": "Contribute to pull requests",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        },
        {
          "bit": 32768,
          "name": "PullRequestBypassPolicy",
          "displayName": "Bypass policies when completing pull requests",
          "namespaceId": "2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": true,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c",
      "name": "Registry",
      "displayName": "Registry",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read registry entries",
          "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Write registry entries",
          "namespaceId": "4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e",
      "name": "VersionControlItems2",
      "displayName": "VersionControlItems2",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 1024,
      "readPermission": 1,
      "dataspaceCategory": "VersionControl",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "Read",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 2,
          "name": "PendChange",
          "displayName": "Pend a change in a server workspace",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 4,
          "name": "Checkin",
          "displayName": "Check in",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 8,
          "name": "Label",
          "displayName": "Label",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 16,
          "name": "Lock",
          "displayName": "Lock",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 32,
          "name": "ReviseOther",
          "displayName": "Revise other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 64,
          "name": "UnlockOther",
          "displayName": "Unlock other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 128,
          "name": "UndoOther",
          "displayName": "Undo other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 256,
          "name": "LabelOther",
          "displayName": "Administer labels",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 1024,
          "name": "AdminProjectRights",
          "displayName": "Manage permissions",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 2048,
          "name": "CheckinOther",
          "displayName": "Check in other users' changes",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 4096,
          "name": "Merge",
          "displayName": "Merge",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        },
        {
          "bit": 8192,
          "name": "ManageBranch",
          "displayName": "Manage branch",
          "namespaceId": "3c15a8b7-af1a-45c2-aa97-2cb97078332e"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.VersionControl.Server.PlugIns.RepositorySecurityNamespaceExtension",
      "isRemotable": true,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f",
      "name": "EventSubscriber",
      "displayName": "EventSubscriber",
      "separatorValue": ":",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "GENERIC_READ",
          "displayName": "View",
          "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f"
        },
        {
          "bit": 2,
          "name": "GENERIC_WRITE",
          "displayName": "Edit",
          "namespaceId": "2bf24a2b-70ba-43d3-ad97-3d9e1f75622f"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": false
    },
    {
      "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23",
      "name": "WorkItemTrackingProvision",
      "displayName": "WorkItemTrackingProvision",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 1,
      "readPermission": 0,
      "dataspaceCategory": "WorkItem",
      "actions": [
        {
          "bit": 1,
          "name": "Administer",
          "displayName": "Administer",
          "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23"
        },
        {
          "bit": 2,
          "name": "ManageLinkTypes",
          "displayName": "Manage work item link types",
          "namespaceId": "5a6cd233-6615-414d-9393-48dbb252bd23"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.WorkItemTracking.Server.WitProvisionSecurityExtension",
      "isRemotable": false,
      "useTokenTranslator": true
    },
    {
      "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c",
      "name": "ServiceEndpoints",
      "displayName": "ServiceEndpoints",
      "separatorValue": "/",
      "elementLength": -1,
      "writePermission": 2,
      "readPermission": 0,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Use",
          "displayName": "Use Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 2,
          "name": "Administer",
          "displayName": "Administer Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 4,
          "name": "Create",
          "displayName": "Create Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 8,
          "name": "ViewAuthorization",
          "displayName": "View Authorization",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        },
        {
          "bit": 16,
          "name": "ViewEndpoint",
          "displayName": "View Endpoint",
          "namespaceId": "49b48001-ca20-4adc-8111-5b60c903a50c"
        }
      ],
      "structureValue": 1,
      "extensionType": null,
      "isRemotable": false,
      "useTokenTranslator": true
    }
  ]
}

Get the specified security namespace

Sample request

GET https://dev.azure.com/fabrikam/_apis/securitynamespaces/5a27515b-ccd7-42c9-84f1-54c998f03866?api-version=6.0

Sample response

{
  "count": 1,
  "value": [
    {
      "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866",
      "name": "Identity",
      "displayName": "Identity",
      "separatorValue": "\\",
      "elementLength": -1,
      "writePermission": 4,
      "readPermission": 1,
      "dataspaceCategory": "Default",
      "actions": [
        {
          "bit": 1,
          "name": "Read",
          "displayName": "View identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 2,
          "name": "Write",
          "displayName": "Edit identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 4,
          "name": "Delete",
          "displayName": "Delete identity information",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 8,
          "name": "ManageMembership",
          "displayName": "Manage group membership",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        },
        {
          "bit": 16,
          "name": "CreateScope",
          "displayName": "Create identity scopes",
          "namespaceId": "5a27515b-ccd7-42c9-84f1-54c998f03866"
        }
      ],
      "structureValue": 1,
      "extensionType": "Microsoft.TeamFoundation.Framework.Server.IdentitySecurityNamespaceExtension",
      "isRemotable": false,
      "useTokenTranslator": false
    }
  ]
}

Definitions

Name Description
ActionDefinition
SecurityNamespaceDescription

Class for describing the details of a TeamFoundationSecurityNamespace.

ActionDefinition

Name Type Description
bit

integer

The bit mask integer for this action. Must be a power of 2.

displayName

string

The localized display name for this action.

name

string

The non-localized name for this action.

namespaceId

string

The namespace that this action belongs to. This will only be used for reading from the database.

SecurityNamespaceDescription

Class for describing the details of a TeamFoundationSecurityNamespace.

Name Type Description
actions

ActionDefinition[]

The list of actions that this Security Namespace is responsible for securing.

dataspaceCategory

string

This is the dataspace category that describes where the security information for this SecurityNamespace should be stored.

displayName

string

This localized name for this namespace.

elementLength

integer

If the security tokens this namespace will be operating on need to be split on certain character lengths to determine its elements, that length should be specified here. If not, this value will be -1.

extensionType

string

This is the type of the extension that should be loaded from the plugins directory for extending this security namespace.

isRemotable

boolean

If true, the security namespace is remotable, allowing another service to proxy the namespace.

name

string

This non-localized for this namespace.

namespaceId

string

The unique identifier for this namespace.

readPermission

integer

The permission bits needed by a user in order to read security data on the Security Namespace.

separatorValue

string

If the security tokens this namespace will be operating on need to be split on certain characters to determine its elements that character should be specified here. If not, this value will be the null character.

structureValue

integer

Used to send information about the structure of the security namespace over the web service.

systemBitMask

integer

The bits reserved by system store

useTokenTranslator

boolean

If true, the security service will expect an ISecurityDataspaceTokenTranslator plugin to exist for this namespace

writePermission

integer

The permission bits needed by a user in order to modify security data on the Security Namespace.