DevOps Insight connection: permission issues

Go to solution
Lam Hoang
Tera Expert

‎04-04-2023 06:52 AM

We are trying to an Azure environment with our DevOps insight tool, but we are struggling with the right Azure permissions to connect.

 

From DevOps connection page it's required to have the project administrator role.

 

The Azure account has all the required information and permissions as described on the doc site from SN (https://docs.servicenow.com/en-US/bundle/utah-devops/page/product/enterprise-dev-ops/reference/dev-o...)

 

 

Workaround is to assign the integration user the role of Project Collection Administrators group, but that is on the organization level, instead on the project level. This is not recommend from security standpoint from Azure admin team.

 

My question is what did I miss during the setup?

 

Some error details:

 

Getting the following error, while connecting to Azure.

 

Object

Permissions required

Permissions available

Impact

Permissions

Project Administrators

Not granted

Required to create webhooks automatically to receive data in real-time and to create Service connections automatically which is used to configure ServiceNow tasks like change acceleration, artifact and package registration, etc

LamHoang_2-1680616289977.png

 

 

 

0 Helpfuls
  • 1,215 Views
1 ACCEPTED SOLUTION

Go to solution
Brian15
Tera Guru

‎05-30-2023 02:41 PM - edited ‎05-30-2023 02:43 PM

We actually did just have this issue.  Here is what I did -

  1.  In Azure granted webhook permissions explicitly at the project level.  
  2.  In ServiceNow corrected the release URL.  The ServiceNow release connection did not include https://vsrm.dev.azure.com

 

The security notice will not go away, but it will work.

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Brian15
Tera Guru

‎05-05-2023 09:26 AM

This helped me, had to be in the correct scope to complete setup.

 

https://www.youtube.com/watch?v=YzVo7ga-JlE&list=PLkGSnjw5y2U70_XJlxssE2dl-BGAcM7MS&index=4

Getting Started with DevOps Change Velocity | DevOps Change Velocity Workspace
Getting Started with DevOps Change Velocity | DevOps Change Velocity Workspace
youtube.com/watch?v=YzVo7ga-JlE&list=PLkGSnjw5y...
DevOps Change Velocity Workspace is now available! Get started now with the following setup guidance and integration requirements in this video. All functions covered in this video, as well as the OOB integrations and Change workflow, are included for all ServiceNow's ITSM Pro customers
0 Helpfuls

Go to solution
Brian15
Tera Guru

‎05-30-2023 02:41 PM - edited ‎05-30-2023 02:43 PM

We actually did just have this issue.  Here is what I did -

  1.  In Azure granted webhook permissions explicitly at the project level.  
  2.  In ServiceNow corrected the release URL.  The ServiceNow release connection did not include https://vsrm.dev.azure.com

 

The security notice will not go away, but it will work.

0 Helpfuls

Go to solution
Lam Hoang
Tera Expert

‎07-10-2023 05:26 AM

Just to follow up on this topic. We have updated the tool to 1.37 and now we can decide on which level (org or project level). We have also learned that skipping this message is working to create the required web hooks.

 

 

0 Helpfuls

Go to solution
Saurav
Tera Expert

Wednesday

@Brian15  - The Challenge is wit this if you setup at ORG level and you have vast majority of projects getting created then each time it will need to be a new credential .. for each project.

 

0 Helpfuls