Teams that have read access to all repositories of an organization

Asked 30/9, 2015 at 14:30 Answered 16/7 at 7:30

in my Company, we've got a lot of repositories in one private github organization (not accessible publically). Ideally, all developers should have read access to all repos in that organization, while just having write access to the repositories of their project.

For that, I've set up a couple of github teams (for each project). Each of that teams should have write access for some repositories (easy to configure in the repo settings) but read access for all other repositories. I'm struggling with this one, as I can only grant read access to each individual repository. This is not only painful (because we have a lot of repositories) but will also not automatically work when new repos are created.

Is there anything, I'm missing to set this up properly?

Thanks, Matthias

Winstonwinstonn answered 30/9, 2015 at 14:30 Comment(1)

That is how it works. You have to manually give the team access to each repository. – Keener 5/10, 2016 at 14:36

You need to do it manually only as github doesn't provide this functionality.

Guam answered 3/1, 2022 at 8:10 Comment(0)

I also faced this issue recently but fixed it with these steps:

Go to your organization settings
Click "Member privileges" section in left menu
Under "Base permissions" section, change "Read" option to "No permission"

This change applies to all existing users with read access.

screenshot

Gush answered 16/7 at 7:30 Comment(0)

You can script this using github cli.

The following gist gives permission to all repositories in an organisation to all members of a team.

You can tweak it however you want.

https://gist.github.com/AndreyDodonov-EH/f30e26516ed83cfbd26f24329d40749c

gh repo list ${ORG} --limit 1000 | awk '{print $1}' | while read -r OWNED_REPO
do
    gh api --method PUT \
        -H "Accept: application/vnd.github.v3.repository+json" -H "X-GitHub-Api-Version: 2022-11-28" \
    /orgs/${ORG}/teams/${TEAM_SLUG}/repos/${OWNED_REPO} -f permission=${PERMISSION}
done

Limitation - it will work only for existing repositories (unless you chron it somehow, e.g. with github actions).

Ondrea answered 23/5, 2023 at 15:28 Comment(0)

-4

All team members within the organization will have read-only access by default I believe (they can read and clone repositories).

If you want to give write access to certain teams, rather than go to repo settings, go configure in the team settings. Try this, maybe it will work:

create team, add members
add repositories in the respective tab, for which you want to provide write access to the team
under Settings, give write access (which will apply to the repositories added above against the team)

Underside answered 30/9, 2015 at 22:57 Comment(1)

Hi praneeth001, That is what I also thought, but unfortunately, it's not the case. Being a team member of the org does not give you access to it's repositories in our case(?). Or is there anything I need to enable for that? – Winstonwinstonn 5/10, 2015 at 7:20

Recommended topics

Hot tags