category | severity | online version |
---|---|---|
Microsoft Azure DevOps Projects |
Severe |
Project level release definition acl should not have custom permissions for Project Valid Users
Project level release definition acl should not have custom permissions for Project Valid Users. The Project Valid Users group is a special group that is automatically created when a project is created. It contains all users and groups that have been added to the project. This group should not be used to grant permissions to the release definitions.
Mininum TokenType: FineGrained
Remove the Project Valid Users group from the release definition acl.