Update prerequisites.md #14299
Open
Update prerequisites.md #14299
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added note for additional step when deploying via azure Pipelines so the service connection's app registration service principal is added back to Azure DevOps for permission to provision the pools
|
@diogocatossi : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
| @@ -225,6 +225,10 @@ When you create a Managed DevOps Pool, the account you use to sign in to the Azu | |||
| | **Organization-level Agent pools administrator** | Administrators of agent pools at the organization level can [create new agent pools as well as perform all operations on them at the organization level](../organizations/security/about-security-roles.md#agent-pool-security-roles-organization-or-collection-level). | A [Project Collection Administrator](../organizations/security/look-up-project-collection-administrators.md) or another **Organization-level Agent pools administrator** can add users to this group and grant them the administrator role. For more information, see [Set organization security for all agent pools](../pipelines/policies/permissions.md#set-organization-security-for-all-agent-pools). | | |||
| | **Project Collection Administrator** | The Project Collection Administrators group is the main administrative security group defined for an organization and can perform all operations in an Azure DevOps organization, including creating new pools. | Other project collection administrators can add users to this group. For information about this group and how to see its members, see [Look up a project collection administrator](../organizations/security/look-up-project-collection-administrators.md). | | |||
|
|
|||
| > [!NOTE] | |||
| > When deploying your Managed DevOps Pool using Infrastructure-as-Code via an Azure Pipelines make sure the service connection's App Registration is added to one of the groups above as described [here](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#2-add-a-service-principal-to-an-azure-devops-organization), otherwise deployment will fail with error [The logged in user does not have Manage permissions in the Azure DevOps organization](https://learn.microsoft.com/en-us/azure/devops/managed-devops-pools/troubleshooting?view=azure-devops#the-logged-in-user-was-not-found-in-the-azure-devops-organization) | |||
There was a problem hiding this comment.
Suggested change
| > When deploying your Managed DevOps Pool using Infrastructure-as-Code via an Azure Pipelines make sure the service connection's App Registration is added to one of the groups above as described [here](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#2-add-a-service-principal-to-an-azure-devops-organization), otherwise deployment will fail with error [The logged in user does not have Manage permissions in the Azure DevOps organization](https://learn.microsoft.com/en-us/azure/devops/managed-devops-pools/troubleshooting?view=azure-devops#the-logged-in-user-was-not-found-in-the-azure-devops-organization) | |
| > When deploying your Managed DevOps Pool using Infrastructure-as-Code via an Azure Pipeline make sure the service connection's App Registration is added to one of the groups above as described [here](/azure/devops/integrate/get-started/authentication/service-principal-managed-identity?view=azure-devops#2-add-a-service-principal-to-an-azure-devops-organization), otherwise deployment will fail with error: [The logged in user does not have Manage permissions in the Azure DevOps organization](/azure/devops/managed-devops-pools/troubleshooting?view=azure-devops#the-logged-in-user-was-not-found-in-the-azure-devops-organization). |
|
@steved0x - Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added note for additional step when deploying via azure Pipelines so the service connection's app registration service principal is added back to Azure DevOps for permission to provision the pools.
Failing to do so will result in the following error:
The request has been completed with result Failed. Please check details with more information., Failed to provision agent pool. Exception: The logged in user, ea35e7f5-#####-####-####-2dd224db795b, does not have Manage permissions in the Azure DevOps organization provided, https://dev.azure.com/########. (Code: PoolProvisioningFailed)