I am from the engineering team in Azure Pipelines. We agree that the resource authorization experience needs improvement. We have been working on it. We would like to make sure that you can only include the reference to a resource (secure file, service connection, variable group, agent pool, etc) in your YAML file if you have permissions to access that resource. And, it becomes particularly hard to auto-validate this if you are pushing your YAML change directly to GitHub or another repository since we do not understand the identity of that user. If we are not sure, then the build fails with a resource auth error. You can do two things to rectify this - (a) with a recent change we rolled out, you can allow all pipelines to use a resource. This is a toggle that you will see on the resource (b) You can get someone with permissions to open the pipeline in the Pipelines hub of Azure Pipelines, and queue a build. You will get an option to correct the resource auth problem. We also made a recent change so that new resources that you create default to "usable in all pipelines". We are taking steps to improve this experience without compromising on the security of these resources for those that need that capability. More is planned in this area over the next couple of months. Thanks for understanding. I will also update the docs on this topic with all the updates that have been rolled out this week.