Azure DevOps Training and Access Process Definition
Table of Contents
Overview
The new Azure DevOps (AZDO) environment represents a significant enough of a departure from legacy environments that the typical user needs to be trained to avoid adverse effects. Most salient among these would be the overtaxing of the Energizers team support capacity.
The aim of this document is to describe the process of ensuring that all users are properly trained and of granting them the proper level access.
Constraints
At the time of this writing, a significant portion of the candidate population for training has access to Pluralsight, a web-based enterprise-wide training platform offering a suite of training videos customized to meet Medtronic needs surrounding Azure DevOps.
Not every team has access to Pluralsight, thus such teams will have to devise their own approaches.
- Pluralsight licenses are currently available for MDT Badged employees and Mounds View Contractors
- Others will need to work with your Functional manager to purchase more licenses or define an alternate training strategy.
- Contact Tarun Bhatia for information on Pluralsight licensing.
- Contact your Functional Manager if you are unsure about your User Role.
- Functional managers are responsible for tracking training completion & establishing an access management process with the DL owners
The Process in a Nutshell
- The manager works with a given team member to decide what role this member will play in the new AZDO.
- Depending on the team member’s role, the training curriculum is determined (see Deciding Roles and Training Levels below). Teams without access to Pluralsight will have find their own training solutions.
- Upon completion of the curriculum, the manager works with the Project Admin DL's listed here to ensure that this team member can be granted access to the relevant projects and the appropriate roles. The manager is expected to confirm and track that the team member has completed the level of training needed.
- The Project Admins should institute access rights to the appropriate DLs based on the user's role and project. More information on access rights can be found here.
Deciding Roles and Training Levels
A Simple Heuristic for Deciding Training Levels
Everyone needs to take Basic.
Every engineer needs to take Intermediate, and we recommend that POs, SMs, PMs also take it.
Expert is optional unless you are working on a team doing "DevOps enablement" like Energizers or Build and Deploy then it is strongly recommended but still optional.
Roles, Access Levels, Permission Group, Training & Licensing
| User Function | Access Level In the Project | Microsoft License1 | Training |
|---|---|---|---|
| All | Reader User has default “read” access to projects generally with limited “write” capability. |
Microsoft License: Stakeholder – no cost | Basic Azure DevOps Education or |
Engineers Optional: Product Owner, Scrum Master and Project Manager |
Contributor User creates, reads, updates, and deletes contents within assigned projects scope |
Microsoft License: Basic or Visual Studio Subscription |
Intermediate Azure DevOps Education or |
| Test Engineers | Contributor User creates, reads, updates, and deletes contents within assigned projects scope |
Microsoft License: Basic + Test Plans or Visual Studio Subscription |
Intermediate Azure DevOps Education or |
| Build and Deploy, Tech Leads, Infrastructure, Architects or Administrators | Admin Within the confines of the appropriate scope, the user implements, monitors, and maintains Microsoft Azure solutions, including major services related to compute, storage, network, and security |
Microsoft License: Basic, Basic + Test Plans, or Visual Studio Subscription | Advanced Azure DevOps Education or |
1Microsoft License Explanation site
Tracking Training Status , Quality Requirements and Granting Access
Historical Precedent with Team Foundation Server (TFS)
The TFS Admin approached the Medtronic training platform administrators (Cornerstone and its predecessors) to include TFS training in the curriculum, thereby enabling the tracking and documenting of a given user’s training status. The Medtronic training platform did not permit non-company wide training to be added to the platform and therefore TFS training was not included in on-line training.
The TFS Admin provided introductory training sessions and individual support.
Implications for Azure DevOps (AZDO)
If the experience with TFS is to serve as a precedent, then training status would not be required to be formally tracked from a Quality perspective.
Individual Teams’ Management Serve as Gatekeepers
Furthermore, since currently there is no uniform training plan, nor exists an automated ability to track training, it is thus left to individual teams’ management to ensure that member get the proper training and that they have completed it.
Individual Teams’ Management Responsible for Managing Team Members’ Access
Individual teams’ management will be responsible for requesting access via Distribution Lists (DL) for their team members once the training needs have been satisfied.
Retiring Access
Historical Precedent with Team Foundation Server (TFS)
The TFS Admin noted that when Full Time Employees leave, their accounts are disabled, then removed by Medtronic.
When a contractor’s contract ends, Medtronic is normally aware of that fact and the contractor’s account is shut down.
However, it was noted that contracting houses can sometimes not let Medtronic know of a departure of one of their people.
Implications for Azure DevOps (AZDO)
Individual Teams’ Management Responsible for Removal of Access
Managers of the teams are responsible for tracking the departure of Medtronic and contractor team members and instructing AZDO team admins to remove access.
Individual Teams’ Management Responsible for Notifying IT to Change Distribution Lists
Managers of the teams are responsible for notifying IT of departures so that, in turn, IT can update the Distribution Lists (DLs) .