github automatically adds group to every new repository - github

i've an issue in my organization, whenever new repository is created one of groups is added automatically to that repository with read permissions. It cannot be removed from there even with organization owner privillages. It states that this is Managed by organization owners but no setting like this is visible either in that group nor in organization settings.
Any ideas how to change that/remove that "automation" without deleting this group from organization ?
Checked settings of both group and organization.

Related

Issue in team members access to azure devops project

I have added multiple team members to two different teams in Azure Devops project. But team members are not able to see organization, project and dashboards when they login to devops account?
team members are not able to see organization, project and dashboards
Users cannot see the organization, you can first check whether these users have been added to the organization in Users of Organization Settings.
Then you can check whether the user has the permission to access the project on the Manage user page.
Regarding that users cannot see the projects, you can check whether the “View project-level information” permission of the team is set to Deny in the Permissions of Projects Settings.
Regarding that the user cannot see the dashboard, there should be no permission to restrict it. All users in the project should be able to see the dashboard. Can you share the screenshots about this issue?
In addition, you can try to let users log in with incognito window to see if the problem exists. Check if your organization is connected to AAD.
This is the answer for my additional questinos.
To get an access to Devops project user must be added in the organization either as stakeholder or owner
Once they are owner or stakeholder they are able to access all the features.

Creating github repository for organisation assign maintainer admin rights only to the creator

We are group of developers who have a joint organisation on GitHub.
When we create a repository for the organisation on GitHub it is only the creator that is made admin and read, write, and maintainance rights are not given to the organisation, nor the organisation team.
We have to go to Settings => Manage Access every time.
Can this somehow be changed?
We have already contact GitHub support but after 3 months and no answer, we believe it is okay to ask the question here.
You can configure it in the organisation settings under Member privileges. The option is named Base permissions.
You can also access it under https://github.com/organizations/<organisation name>/settings/member_privileges.
By default, organisation members have no permissions in repositories created by other organisation members. In this setting, you can configure the permissions every member has in every repository owned by the organisation.
You can also create a team for the developers and give the team the required permission per-repository.

Azure DevOps default read access to members of organization on new projects

I manage an Azure DevOps organization with a couple dozen users, all with either Visual Studio subscriber or Basic user access level on the organization.
When someone creates a new project, which need to be private repos, I want all the organization users to automatically get read access to see the project and clone repos. Is there a way to do that? Everything works great once we grant the access at the project level, but sometimes people create projects and don't grant the access, so I don't know what projects exist. Do we need to rely on people creating the projects to grant read access to the group of users when they create them?
When someone creates a new project, which need to be private repos, I
want all the organization users to automatically get read access to
see the project and clone repos. Is there a way to do that?
This is not supported by design.
To protect private project, Azure Devops doesn't support automatically granting any access of newly created project to those normal Organization-level users unless the users belongs to the PCA (Project Collection Administrators, highest level in whole Org. It shouldn't be granted to normal users).
So we do need to rely on people creating the projects to grant read access to the group of users when they create them. Apart from project creators(people creating the projects), PCA or project administrators can also do this job.
You can create a new organization group which contains the Org users:
Then grant the access to those users by manually adding this group as member of default Project Reader group:

Setting permissions in Azure DevOps

I need some of my users to see/update only the boards others to see Repos, others to see the Pipelines only. Is there a way to set such permissions?
I couldn't find any default permission that does this
The lowest access level we can give is stakeholder and set users as Project Reader, this makes Repos invisible at most.Users can still see Boards and Pipelines,but without permission to update.
If you don't want some users to see Repos, then you can set the access level of these users to Stakeholder, and then check the project in Manage projects that you want the user to enter, so that these users can only see Boards and Pipelines without Repos in the project. Note:Make sure that the project you want these users to enter is a private project.
You can also set up the following settings to make the content in Repos inaccessible.
Setting: Project Settings -> Repos Repositories ->select the users or groups which you want to set permission -> change the Read permission to Deny
In addition you can make the build pipeline and release pipeline in the Pipelines service invisible to the specified users.
Settings: Pipelines Builds -> Click "⋮" choose Security -> select the users or groups you want to set permissions -> Change the View build pipeline permission to Deny
The same setting in Releases can make the release pipeline invisible.
Hope this helps.

Azure DevOps - deny access to repo

In Azure DevOps, is it possible to have users accessing all services except for the repo? By that I mean they should not be able to see any sourcecode.
Thanks
You can set deny permissions for all Git repositories for a project, or for a single repository.
Open the web portal and choose the project where you want to add users or groups.
To set the set the permissions for all Git repositories for a project, choose Git Repositories and then choose the security group whose permissions you want to manage.
Set all the permissions to "Deny" and then save the changes.
Setting permissions for all Git repositories for a project, or for a single repository is as follows.
Open the web portal and choose the project where you want to add users or groups.
To set the permissions for all Git repositories for a project, choose Git Repositories and then choose the security group or user whose permissions you want to manage. You can search for the user or group if not shown on the list as shown below
Set all the permissions to "Deny" or as dim fit and then save the changes.
click to see image