Currently, the 7pace Reporting requires that a member of the Project Collection Admin group be set as the "service account". This gives the service account full access to areas that should not be needed by 7pace (like Repos, Pipelines, and Audit). I would like to understand the exact security that is required for 7pace Reporting and then craft an account with only those specific permissions applied.
I'm concerned that the 7pace service account has limitless permissions with the potential to wreak havoc in the name of someone else (the user that was set up as service account).
Can we get a security role of this nature on the roadmap and stop using Project Collection Admin?
Please sign in to leave a comment.