Azure pipeline extension service account not able to see change templates unless given Admin role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 02:54 PM
Hi Community,
I have a question regarding the Azure Pipeline Extension. The service account is not able to see the standard change templates in ADO unless it is given the Admin Role
I have tried to give the service account other roles in accordance with these reference documents. They have all been unsuccessful.
Any helpful hints/tips/tricks/comments would be greatly appreciated.
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2024 02:09 PM
Hi,
I have encountered a similar issue during the implementation process on my side. It is essential to have the Project Admin role initially; however, it should not be utilized for an extended period. Initially, this role is necessary, but subsequently, it is advisable to reduce the privileges and request access to a sub-admin role or an equivalent position.
If there are any objections to sharing the 'Project Admin' role, it is recommended to create a ticket in the system - Hi Ticket. Collaborate with the ServiceNow team to facilitate communication with the DevOps Tool team in order to obtain the required access.
Suresh.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2024 01:15 PM
Found the solution:
1. The service account must have one of these roles (not all):
* itil (with admin overrides)
* sn_devops.integration
* sn_devops.app_owner
* sn_devops.tool_owner
* sn_change_write
Note: For many admins they can stop at step one. For myself, the service account had sn_change_write but still did not work as documented
2. Check which role is used to read/write to access table sys_template
For me there was a custom ACL that was blocking