gh-issues icon indicating copy to clipboard operation
gh-issues copied to clipboard

Published 20 hours ago verified publisher icon todogroup

Change permission from organization default

Open bennysp opened this issue 7 years ago • 7 comments

We would like to be able to have the Org level permission default to "read", but give the Repo admins the ability to remove the default permission so that they can control the permissions if absolutely necessary.

At the organization level, maybe they would have a checkbox that says something like "allow repo admins to override default permissions" and "allow github org owners to override default permissions".

bennysp avatar May 25 '18 20:05 bennysp

I'm not understanding what operation you can not currently do. Worst case, you create a team "all org members" and repo admins can grant that team write permissions as needed.

There are various scripts for automating the maintenance of such a team.

hwine avatar Jun 05 '18 18:06 hwine

@hwine Sorry for the confusion. Some of the teams would like to "lock down" to not even read their repository. Since the default we set in the organization is set to read, how can a repo admin remove this default and override it?

bennysp avatar Jun 06 '18 00:06 bennysp

In other words, they want to lock down to just their team with no one else in the org having the ability to read their repo, even though we have read set as the default in the org.

bennysp avatar Jun 06 '18 00:06 bennysp

@bennysp you get that by making the repo private.

hwine avatar Jun 06 '18 20:06 hwine

@hwine in a Github organization, all our repos are "private". But internally, they are all readable.

I should have clarified, this is Github Business, so I apologize for the confusion.

bennysp avatar Jun 07 '18 02:06 bennysp

No worries -- I think you're at the "use teams" solution then, perhaps with some automation to support your (new) workflow.

hwine avatar Jun 07 '18 18:06 hwine

Yeah. I was really hoping there could be something like this...

Read --> Override Default --> Allow _____ group

vs

Read --> No default --> Allow everyone group (through manual or automated workflow)

Concern is that by not having the Read default, I don't think a lot of our repo admins will "remember" to add the team everyone.

I think that is where you are saying we build some workflow automation into how a repo could get created and this would happen by default then. I appreciate the idea on a workaround to the problem, but I guess I would like to see if there is anyway to get this override ability as some type of feature request?

I have also logged this request to our account rep at github.com.

bennysp avatar Jun 09 '18 17:06 bennysp