How can we improve Azure DevOps?

better permission management (user interface, identity picker)

This suggestion has been migrated to Developer Community. Please use the link below to view the current status.
https://developercommunity.visualstudio.com/content/idea/365834/better-permission-management-user-interface-identi.html
Permissions can be assigned at project level. This works very well. A user can see only the project in which he is involved.
But the user can access the User Page and can see all the other users of the VSTS account.
Also, every user can select all other users from the Azure AD in the identity picker of a WorkItem (no matter if the user is in the same project or not).
A customer user should not know our other customers. Also, an external developer should not know our other customers.
Simply put: It is not compatible with data protection laws. So we run straight into a legal conflict.

The same reasons apply to the identity picker.
Besides, it is not really intuitive to use if the user sees unknown names.

Also, I think it is not necessary that access to the admin panel exists.
Via the admin panel a user can find a list of teams:
He can draw conclusions about the other projects.

For Stakeholders, VSTS hides the Code tab. That's why I think it would not be a big development effort, or would it?
From our point of view this is a very important step for the tool.

Summarized:
- hide UserHub for non-admin users
- hide admin panel for non-admin users
- show only users in the identity picker from the project

152 votes

Jörg shared this idea

6 comments

  • James commented

    Another vote to get this fixed. I'm going to have to create a new tenant for each client at this rate. Please fix.

  • [Deleted User] commented

    Hi Microsoft, Is it possible to get an update on this? It's preventing us from using VSTS with our external customers as we cannot share the email addresses of all our users with all other users - it constitutes a security breach.

    If anyone has found a solution to share the VSTS backlog with external users but without exposing our customer list to all other users, please post here!

  • Marco Schmitnägel commented

    Important topic! We create a project for each customer and sometimes add external stakeholders to them. Those users just have to find a way to the admin settings security page (https://xxxxxx.visualstudio.com/_settings/security?_a=members) and open the "Project Collection Valid Users" group members, so they can view the names of all our other customers due to the fact that the project name (= customer name) is listed in the column "Username or Scope".
    IMHO there is no need for an external stakeholder to access any project collection settings page.

  • Anonymous commented

    I agree, it's very important that you CANNOT select a user in a work item in a project to which that user is not assigned.

    This matters for security: exposing emails of users on one team to users on another.

    It also makes it very difficult to catch when a work item is assigned to the wrong person.
