You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/artifacts/feeds/project-scoped-feeds.md
+17-19
Original file line number
Diff line number
Diff line change
@@ -47,40 +47,38 @@ A project-scoped feed is scoped to a project instead of an organization. Here ar
47
47
> [!NOTE]
48
48
> To add a feed from a different organization as an upstream source, the target feed owner must share the target view with **All feeds and people in organizations associated with my Microsoft Entra tenant** by navigating to **Feed Settings** > **Views** > selecting the ellipsis button on the right for the specified view > then selecting **Edit**.
49
49
50
-
## Security policies
51
-
52
-
If you want to add an extra layer of security to your project-scoped feed and protect your feed's visibility, you can disable the **Allow public projects** policy from the [Organization Policy Settings](../../organizations/accounts/change-application-access-policies.md).
53
-
54
-
Alternatively, you can use the [Create Feed API](/rest/api/azure/devops/artifacts/feed%20%20management/create%20feed?view=azure-devops-rest-5.1&preserve-view=true) to manually create a new organization-scoped feed. You'll have to set the default permissions for the new feed manually either by using the [Feed Permission API](/rest/api/azure/devops/artifacts/feed%20%20management/set%20feed%20permissions?view=azure-devops-rest-5.1&preserve-view=true) or the Artifacts feed settings.
55
-
56
-
> [!IMPORTANT]
57
-
> If a user has permissions to access a specific view, and they don't have permissions to the feed, they will still be able to access and download packages through that view.
58
-
> If you want to completely hide your packages, you must restrict access to both the feed and the view. For more information, see [Feeds and views permissions](feed-permissions.md).
50
+
> [!TIP]
51
+
> If you want to add an extra layer of security to your project-scoped feed and protect your feed's visibility, you can disable the **Allow public projects** policy from the [Organization Policy Settings](../../organizations/accounts/change-application-access-policies.md).
59
52
60
53
## Q&A
61
54
62
55
#### Q: How can I share packages with all users in my organization?
63
56
64
-
A: If you want to make certain packages in your feed available to all users in your organization, create or select a [view](views.md) that contains the packages you want to share and ensure its visibility is set to **People in my organization**.
57
+
A: To make specific packages in your feed accessible to all users in your organization, create or select a [view](views.md) that contains the packages you want to share and set its visibility to **People in my organization**.
65
58
66
-
#### Q: How to access a project-scoped feed in another project using Azure Pipelines?
59
+
> [!IMPORTANT]
60
+
> If a user has access to a specific view, they will still be able to view and download packages from that view even without feed-level permissions.
61
+
> If you want to fully restrict access to your packages, ensure permissions are limited for both the feed and its views. See [Feeds and views permissions](feed-permissions.md) for more details.
62
+
63
+
#### Q: How can I access a project-scoped feed in another project from my pipeline?
67
64
68
-
In order for a pipeline to access a project-scoped feed in a different project, it's necessary to grant the pipeline access to both the project where the feed is scoped and the feed itself.
65
+
To allow a pipeline to access a project-scoped feed in a different project, you need to grant the pipeline access to both the project where the feed is scoped and to the feed itself.
69
66
70
-
- Project setup: navigate to the project hosting the feed, select **Project settings** > **Permissions** and then add your pipeline's *project build service* to the Contributors group or any other suitable group that provides contributor access to its users.
67
+
-**Project permissions**: navigate to the project hosting the feed, select **Project settings** > **Permissions** and then add your pipeline's *project build service* to the Contributors group or any group that grants contributor access.
71
68
72
-
- Feed setup: Navigate to the feed you want to access, select **Settings** > **Feed permissions**, and then add your *project build service* as a **Feed and Upstream Reader (Collaborator)**. Your*Project build service* identity is displayed in the following format: `[Project name] Build Service ([Organization name])` (for example, FabrikamFiber Build Service (codesharing-demo)).
69
+
-**Feed permissions**: navigate to the feed you want to access, select **Settings** > **Feed permissions**, and then add your *project build service* as a **Feed and Upstream Reader (Collaborator)**. The*Project build service* identity is formatted as follows: `[Project name] Build Service ([Organization name])` (for example, FabrikamFiber Build Service (codesharing-demo)).
73
70
74
-
#### Q: I want to download a pipeline artifact from another project but my pipeline is failing?
71
+
#### Q: How can I download a pipeline artifact from another project within the same organization?
75
72
76
-
A: If you want to download a pipeline artifact from another project within the same organization, make sure that the following permissions are set for both your downstream project and the pipeline generating the artifact:
73
+
A: If your pipeline is failing to download an artifact from another project, ensure the following permissions are set for both the downstream project and the pipeline generating the artifact:
77
74
78
-
On the pipeline generating the artifact (downstream project): select the ellipsis for more options > **Manage security** > search for your upstream project's build service and allow the following: **Update build information**, **View build pipeline**, and **View builds**.
75
+
-**On the pipeline generating the artifact** (upstream project): select the ellipsis for more options > **Manage security** > search for your downstream project's build service, then allow the following permissions: **Update build information**, **View build pipeline**, and **View builds**.
79
76
80
-
On the downstream project: **Project Settings** > **Permissions** > **Users** > search for your upstream project's name and then select **Expand search** > select your upstream project's build service and allow the following:**View project-level information**.
77
+
-**On the downstream project**: navigate to **Project Settings** > **Permissions** > **Users** > search for your upstream project's name, then select **Expand search** > select your upstream project's build service and enable**View project-level information**.
81
78
82
79
#### Q: If I enable upstream sources in a new feed and set its visibility to 'Members of your Microsoft Entra tenant,' do I still need to add Entra users to the Azure DevOps Organization that contains the feed?
83
-
A: Yes, you'll still need to add users to the Azure DevOps Organization for them to access the packages in the feed. You can add them as **Project Collection Valid Users** from **Organization Settings** > **Security** > **Permissions**. All standard Azure DevOps identity and licensing requirements will apply.
80
+
81
+
A: Yes, adding users to the Azure DevOps organization is still required for them to access the packages in the feed. You can add them as **Project Collection Valid Users** from **Organization Settings** > **Security** > **Permissions**.
0 commit comments