Saturday, November 16, 2019

Resolving "user lacks permissions" in NuGet push task of Azure Pipelines

This post will discuss the issue you might get when trying to push the nuget package to the Azure DevOps Artifact feed using the build pipeline.

pre requisites: Azure DevOps arifacts feed
Let’s get started.
  • You can implement the build pipeline to pack and push the nuget package to the the Azure DevOps nuget feed as explained in this post.Using NuGet Packages as Azure DevOps Artifacts Once you configured the build pipeline, it will look as follows.


  • After triggering, the build  might get failed from the nuget push step with the following warning.

    ##[warning]Could not create provenance session: {"statusCode":500,"result":{"$id":"1","innerException":null,"message":"User 'bf726c33-30e3-4559-8655-4badf25ea6e0' lacks permission to complete this action. You need to have 'ReadPackages'.","typeName":"Microsoft.VisualStudio.Services.Feed.WebApi.FeedNeedsPermissionsException, Microsoft.VisualStudio.Services.Feed.WebApi","typeKey":"FeedNeedsPermissionsException","errorCode":0,"eventId":3000}}

  • It says the user doesn't have the permission to push the package to the given nuget feed. So, we need to find out current permission level of the user. You can find the user id from the error message. Use that user Id and find the user name of the user who try to push the nuget package. To do that you can use Azure DevOps API.
  • Use the following with relevant details to get the user list. You will get the json file with the user details. Use that and filter the user name of the given user id.
https://vssps.dev.azure.com/{organization}/_apis/graph/users?api-version=5.1-preview.1
  • Now you know the user name. Go to Azure DevOps Artifacts and Navigate to relevant feed.
  • Open the feed settings.
  • Feed setting page will open. Go to permission tab and click on Add users/ groups.Add the user as the contributor to the feed.

  • Now trigger the build. You would be able to complete the build without any permission issues.
  • If you think logically you can find the user easily without using the API. Normally, build steps run by the build service user of the team project.Hence, you can easily add the nuget feed permission to build service user of the team project and solve this issue.
We have discussed the nuget feed permission error and how we can solve the issue by giving relevant permission to build service user.

No comments:

Post a Comment