azuredevops_workitemquery_permissions

Manages permissions for Work Item Queries.

Permission levels

Permission for Work Item Queries within Azure DevOps can be applied on two different levels. Those levels are reflected by specifying (or omitting) values for the arguments project_id and path.

Project level

Permissions for all Work Item Queries inside a project (existing or newly created ones) are specified, if only the argument project_id has a value.

Example usage

resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

resource "azuredevops_workitemquery_permissions" "project-wiq-root-permissions" {
  project_id = azuredevops_project.example.id
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    CreateRepository = "Deny"
    DeleteRepository = "Deny"
    RenameRepository = "NotSet"
  }
}

Shared Queries folder level

Permissions for a specific folder inside Shared Queries are specified if the arguments project_id and path are set.

Example usage

resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

resource "azuredevops_workitemquery_permissions" "example-permissions" {
  project_id = azuredevops_project.example.id
  path       = "/Team"
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    Contribute = "Allow"
    Delete     = "Deny"
    Read       = "NotSet"
  }
}

Example Usage

resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

data "azuredevops_group" "example-contributors" {
  project_id = azuredevops_project.example.id
  name       = "Contributors"
}

resource "azuredevops_workitemquery_permissions" "example-project-permissions" {
  project_id = azuredevops_project.example.id
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    Read              = "Allow"
    Delete            = "Deny"
    Contribute        = "Deny"
    ManagePermissions = "Deny"
  }
}

resource "azuredevops_workitemquery_permissions" "example-sharedqueries-permissions" {
  project_id = azuredevops_project.example.id
  path       = "/"
  principal  = data.azuredevops_group.example-contributors.id
  permissions = {
    Read   = "Allow"
    Delete = "Deny"
  }
}

Argument Reference

The following arguments are supported:

Permissions Description
Read Read
Contribute Contribute
Delete Delete
ManagePermissions Manage Permissions

Import

The resource does not support import.

PAT Permissions Required