I've stumbled across this use-case recently whereby a user required access to a repository within an Azure DevOps project to make contributions. However, to reduce unnecessary exposure to other areas of the project, the permissions needed to be scoped to just a single repository only. The official docs do not cover this topic terribly well so below explains how this can achieved.
