Azure DevOps publishing to own feed suddenly results in 403 forbidden

To further expand on Merlin's solution & related links (specifically this one about scope), if your solution has only ONE project within it, Azure Pipelines seems to automatically restrict the scope of the job agent to the agent itself. As a result, it has no visibility of any services outside of it, including your own private NuGet repos held in Pipelines.

Solutions with multiple projects automatically have their scope unlocked, giving build agents visibility of your private NuGet feeds held in Pipelines.

I've found the easiest way to remove the scope restrictions on single project builds is to:

  1. In the pipelines project, click the "Settings" cog at the bottom left of the screen.
  2. Go to Pipelines > Settings
  3. Uncheck "Limit job authorization scope to current project"

Hey presto, your 403 error during your builds involving private NuGet feeds should now disappear!


"message":"User 'a831bb9f-aef5-4b63-91cd-4027b16710cf' lacks permission to complete this action. You need to have 'ReadPackages'.

According to this error message, the error you received is caused by the user (a831bb9f-aef5-4b63-91cd-4027b16710cf) not having access permission to your feed.

Also, as I checked from the backend, a831bb9f-aef5-4b63-91cd-4027b16710cf is the VSID of your Build Service account. So, please try adding this user (Micxxxave Build Service (sixxxxss87)) to your target feed, and assign this user the Contributor role or higher permissions on the feed.

In addition, here is the doc you can refer to:

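The reading of the error message described in this answer, as an added example that is not part of the original answer: a Python script that scans a build log for the same denial text and groups it by refused identity and missing permission, so you know which identity to look up and grant on the feed. The log lines are constructed samples and the function names are hypothetical; only the GUID and the 'ReadPackages' wording come from the error quoted above.

```python
import re
from collections import defaultdict

# Denial text as quoted in the answer above. The GUID is the identity that was
# refused; the quoted word after "You need to have" is the missing permission.
DENIAL = re.compile(
    r"User '(?P<identity>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})' "
    r"lacks permission to complete this action\. "
    r"You need to have '(?P<permission>\w+)'"
)


def triage_feed_denials(log_text):
    """Group feed denials by identity: {guid: {"permissions": [...], "lines": [...]}}."""
    found = defaultdict(lambda: {"permissions": set(), "lines": []})
    for number, line in enumerate(log_text.splitlines(), start=1):
        for match in DENIAL.finditer(line):
            # GUIDs are case-insensitive, so normalise before grouping.
            entry = found[match["identity"].lower()]
            entry["permissions"].add(match["permission"])
            entry["lines"].append(number)
    return {
        identity: {"permissions": sorted(e["permissions"]), "lines": e["lines"]}
        for identity, e in found.items()
    }


def report(log_text):
    """One line per refused identity, naming what it lacks and where it was seen."""
    return [
        f"{identity}: missing {', '.join(info['permissions'])} "
        f"(log lines {info['lines']}); confirm which account this is, "
        f"then grant it a role on the feed"
        for identity, info in triage_feed_denials(log_text).items()
    ]


# Constructed sample build log (not taken from the original post).
SAMPLE_LOG = """\
Restoring packages for /src/App/App.csproj...
error : Response status code does not indicate success: 403 (Forbidden - User 'a831bb9f-aef5-4b63-91cd-4027b16710cf' lacks permission to complete this action. You need to have 'ReadPackages'.)
warning : Response status code does not indicate success: 403 (Forbidden).
{"message":"User 'A831BB9F-AEF5-4B63-91CD-4027B16710CF' lacks permission to complete this action. You need to have 'ReadPackages'."}
Build FAILED.
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A bare 403 with no identity in it (line 3 of the sample) is deliberately ignored, because it does not say which account to fix.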

There is a new UI in the Feed Permissions:

New UI to allow project-scoped builds