none
TFS Rest API; Update failing RRS feed

  • Question

  • I have a script that updates a TFS build definition. When I am using SYSTEM_ACCESSTOKEN for authentication, it fails with the error

    Invoke-RestMethod : {"$id":"1","innerException":null,"message":"TF215106: Access denied. Project Collection Build 
    Service (<collection name>) needs Edit build definition permissions for build definition <Build ID> in team project

    What permissions am I missing?

    I made sure the service account that TFS is running under has permissions to edit the build definition.

    Here is the code

    $url = "$($env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI)$env:SYSTEM_TEAMPROJECTID/_apis/build/definitions/$($env:SYSTEM_DEFINITIONID)?api-version=2.0"

    $Updatedefinition = Invoke-RestMethod -uri $url  -Method PUT -Body ($definitionJSON) -ContentType "application/json" -Headers @{     Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN" }

    Friday, October 18, 2019 12:10 AM

All replies

  • Hi Divya,

    Welcome to the MSDN forum.

    As far as l know, when you want to use SYSTEM_ACCESSTOKEN for authentication, you should go to the Options tab of the build pipeline and select Allow Scripts to Access OAuth Token. So please do this first and then use your script as the document said.

    >> If this still does not work, please use the PAT for authentication. It is more widely used. When you go to build definition, do not forget to right-click security to add permission information.

    BTW, you can also redirect your issue to Stack Overflow with tag tfs for better support since the TFS forum has been moved there.

    Best Regards,

    Perry


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Friday, October 18, 2019 3:33 AM
  • Thank you Perry for your help. Allow Scripts to Access OAuth Token.is enabled. The same script works with GET, PUT is the one throwing the Access denied error. I tried with PAT as well and I got the same error. Also, the limitation with using PAT is that it has an expiration date (maximum validity is 1 year)
    Friday, October 18, 2019 3:58 PM
  • Hi Divya,

    After you finish the script update, did you do an iisreset on the App tiers like this document said?

    Perhaps you need a refresh on your app tiers.

    Best Regards,

    Perry


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Monday, October 21, 2019 9:22 AM