Oriaon Guardian is an extension that allows managing and governing security and permissions of Azure DevOps resources in a structured way. This is specially more applicable when an Azure DevOps project has multiple teams working within and have different permission requirements.
About Orion Guardian Extension
The extension has two components:
How to install backend
The details instructures to install the backend can be found here.
Custom Role definition
The administrators (or any other groups that are designated) can then also define Role - for instance, Software Developers, Site Reliability Engineers, Scrum masters, Engineering managers etc.
These roles can capture the permission set for each of the resources (like Repository, Library etc.)
Azure DevOps doesn't provide a folder structure for more of the resources, like Repository, service endpoints, environments, libraries etc. This extension brings the notion of folder structure, where predefined groups (like Project Administrators) can create folder structure, then associate resources (like Repository, Service endpoint, Environment etc.) to those folders.
Role assignments (RBAC)
Finally, they can assign the custom defined roles to a folder - which makes the role management much more easier to follow and saves efforts managing them granularly for each resources.
For further information: moimhossain.com/orion-guardian
You can create issue into the GitHub repository.