We have explored “Securing Build Definitions When Multiple Teams Work on a Single Team Project” in a previous post. Now the folders to group release definitions and applying permissions to isolate each team’s release definitions is also a possibility in VSTS. As we discussed in the “Securing Build Definitions When Multiple Teams Work on a Single Team Project” it is important to create the Build/Release admins VSTS permission group for each of the teams in the team project. Using the same admins group and the team we can setup permissions for release definitions folders. Let’s look at the steps in detail.
By default all release definitions are manageable by contributors group. You cave to click Security menu on All pipelines and set the contributors group permissions to “Not Set” to prevent all contributors from inheriting permissions to all release pipelines. If you want view releases and view definitions can be allowed for contributors.
You might want to create multiple groups in a team such as release approvers for a particular environment etc.Using the permissions and folders in new release hub will allow you to effectively control permissions as per your team needs and isolate each team’s releases from one another. However there is no better way to isolate each teams service end points within a single team project as of now.