PAT token in source- minimum scope/permission needed

[ArpitaDixitM]

Hi all,

Can you specify list of the required permissions/scope for a PAT Token?
Creating a full access token is restricted in my organization. If not PAT what other options do I have for migration?

[MrHinsh]

It is recommended that to run migration, your account is in the Administrators group for the Organisation.

In Azure DevOps/TFS, "Denied" security tags can be added to things. This will prevent a successful migration. Denied are bypassed for Admins. If you are willing to take the risk that not all work items, links, and area paths will be accessible, then Project Admin is OK.

Unfortunately, for PAT tokens, there are hidden "scopes" that can't be selected and are only available with a "full access" token. This is a limitation of Azure DevOps and cant be changed. We use the BypassRules flag in the API which is not present as a Scope. You can try with only the "manage" permission on Work Items, but we have not tested it.