1.2.3 Ensure repository deletion is limited to specific users

ID

cis_sscs/repository_deletion

Severity

high

Category

source_code/repository

Levels

Optional

false

Tags

least-privilege, repo-permissions, slsa-3, slsa-4

Description

Ensure only a limited number of trusted users can delete repositories.

Rationale

Restricting the ability to delete repositories protects the organization from intentional and unintentional data loss. This ensures that users cannot delete repositories or cause other potential damage — whether by accident or due to their account being hacked — unless they have the correct privileges.

Verification

Verify that only a limited number of trusted users can delete repositories.

Remediation

Restrict repository deletion to a few trusted and responsible users.

On the Azure DevOps platform, ensure that only users who are members of admin groups have the Delete or Disable Repository permission allowed.
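
One way to automate the verification above is to audit an exported access control list. This is an added example, not part of the benchmark or of any platform's tooling. The record layout, identity names and the 0x200 bit used for Delete or Disable Repository are assumptions to confirm against your own export, and treating an explicit deny as always overriding an allow is a simplification.

```python
# Added example. All data below is constructed; field names are hypothetical.
DELETE_REPOSITORY = 0x200  # assumed bit for "Delete or Disable Repository"

ADMIN_GROUPS = {"Project Administrators"}
MEMBERS = {  # constructed group membership
    "Project Administrators": {"alice", "bob"},
    "Contributors": {"bob", "carol", "dave"},
}
ACL = [  # constructed ACL export for one repository
    {"identity": "Project Administrators", "kind": "group", "allow": 0x201, "deny": 0},
    {"identity": "Contributors", "kind": "group", "allow": 0x204, "deny": 0},
    {"identity": "erin", "kind": "user", "allow": 0x200, "deny": 0},
    {"identity": "bob", "kind": "user", "allow": 0, "deny": 0x200},
]


def audit_delete_permission(acl, members, admin_groups, max_users):
    """Return (violations, users who can effectively delete the repository)."""
    violations, allowed, denied = [], set(), set()
    for ace in acl:
        ident = ace["identity"]
        is_group = ace["kind"] == "group"
        # Expand a group entry to its members; a user entry covers itself.
        users = members.get(ident, set()) if is_group else {ident}
        if ace["deny"] & DELETE_REPOSITORY:
            denied |= users
        elif ace["allow"] & DELETE_REPOSITORY:
            allowed |= users
            # The permission may only be granted through an admin group.
            if not (is_group and ident in admin_groups):
                violations.append(f"{ident}: delete allowed outside admin groups")
    deleters = allowed - denied  # simplification: explicit deny wins
    if len(deleters) > max_users:
        violations.append(f"{len(deleters)} users can delete, limit is {max_users}")
    return violations, sorted(deleters)


if __name__ == "__main__":
    findings, deleters = audit_delete_permission(ACL, MEMBERS, ADMIN_GROUPS, 3)
    print("Users able to delete:", deleters)
    for finding in findings:
        print("FAIL:", finding)
```

The sample ACL fails on three counts: a non-admin group grant, a direct user grant, and more effective deleters than the chosen limit of 3.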