13

in my Company, we've got a lot of repositories in one private github organization (not accessible publically). Ideally, all developers should have read access to all repos in that organization, while just having write access to the repositories of their project.

For that, I've set up a couple of github teams (for each project). Each of that teams should have write access for some repositories (easy to configure in the repo settings) but read access for all other repositories. I'm struggling with this one, as I can only grant read access to each individual repository. This is not only painful (because we have a lot of repositories) but will also not automatically work when new repos are created.

Is there anything, I'm missing to set this up properly?

Thanks, Matthias

Matthias
  • 2,622
  • 1
  • 18
  • 29
  • That is how it works. You have to manually give the team access to each repository. – Gaia Oct 05 '16 at 14:36

4 Answers4

2

You need to do it manually only as github doesn't provide this functionality.

Suraj Singh Rathore
  • 892
  • 7
  • 9
0

You can script this using github cli.

The following gist gives permission to all repositories in an organisation to all members of a team.

You can tweak it however you want.

https://gist.github.com/AndreyDodonov-EH/f30e26516ed83cfbd26f24329d40749c

gh repo list ${ORG} --limit 1000 | awk '{print $1}' | while read -r OWNED_REPO
do
    gh api --method PUT \
        -H "Accept: application/vnd.github.v3.repository+json" -H "X-GitHub-Api-Version: 2022-11-28" \
    /orgs/${ORG}/teams/${TEAM_SLUG}/repos/${OWNED_REPO} -f permission=${PERMISSION}
done

Limitation - it will work only for existing repositories (unless you chron it somehow, e.g. with github actions).

Do-do-new
  • 794
  • 8
  • 15
0

Nowadays one can give base permissions to all organisation members for all organisation repositories via:

  1. https://github.com/ORG (change ORG to your organisation name)
  2. Settings
  3. Member privileges
  4. Base permissions

Read access can be configured that way. Write access needs to be configured individually to each repository.

Information from the above GitHub page:

Base permissions to the organization’s repositories apply to all members and excludes outside collaborators. Since organization members can have permissions from multiple sources, members and collaborators who have been granted a higher level of access than the base permissions will retain their higher permission privileges.

Eastman
  • 85
  • 10
-4

All team members within the organization will have read-only access by default I believe (they can read and clone repositories).

If you want to give write access to certain teams, rather than go to repo settings, go configure in the team settings. Try this, maybe it will work:

  • create team, add members

  • add repositories in the respective tab, for which you want to provide write access to the team

  • under Settings, give write access (which will apply to the repositories added above against the team)
codePrady
  • 110
  • 7
  • Hi praneeth001, That is what I also thought, but unfortunately, it's not the case. Being a team member of the org does not give you access to it's repositories in our case(?). Or is there anything I need to enable for that? – Matthias Oct 05 '15 at 07:20