You have a private project in Azure DevOps.
You need to ensure that a project manager can create custom work item queries to report on the project's progress. The solution must use the principle of least privilege.
To which security group should you add the project manager?
Click on the arrows to vote for the correct answer
A. B. C. D.D
Contributors have permissions to contribute fully to the project code base and work item tracking. The main permissions they don't have or those that manage or administer resources.
https://docs.microsoft.com/en-us/azure/devops/organizations/security/permissionsThe best answer for this question is C. Project Administrators.
Explanation:
Azure DevOps provides different levels of permissions that can be assigned to users or groups. These permissions determine what actions can be performed by users or groups within a project or organization.
In this case, the requirement is to provide the project manager with the ability to create custom work item queries to report on the project's progress. The least privileged permission that can meet this requirement is the Project Administrator role.
The Project Administrator role provides the following permissions to the user:
Adding the project manager to the Project Administrators group will allow them to create custom work item queries and generate reports while limiting their access to other project-related activities.
The other options are not suitable for this requirement because:
A. Reader: This role has read-only access to work items, build pipelines, and releases. The reader role cannot create custom queries or generate reports.
B. Project Collection Administrators: This role provides administrative access to all projects within an organization. It is a highly privileged role and is not appropriate for providing access to a single project.
D. Contributor: This role can create, read, update, and delete work items, but it does not have permissions to create custom queries or generate reports.