Segregate SSH Access for Multiple Repositories in One Account - github

I would need to give access to our three git hub repositories, segregating them for working group. Each working group should be enabled to only see and operate on its own one.
I enabled the SSH pair key access method for our Company Account, going into the Company Account Settings and adding the Public Key in the SSH and GPG Keys Section. It properly works.
However, my doubt here is the following:
If I give this private key to the working groups, they would see all three repositories, while I would need to assign a different private key for each one of the repositories and working groups.
I was not able to find a section to abilitate the feature at a repository level.
Anyone who can help on this?
Many thanks,

The typical way to do this is to grant access to those repositories based on a team. If your company account is an organization, then you can create teams and assign each member to an appropriate team. Then, you can grant access to each repository in its settings to an appropriate set of teams.
If your company account is an individual account, that's not ideal. You can add some contributors to each individual repository in the settings to allow them access. You should probably convert this company account to an organization instead.
Once you've done that, then users should use their own SSH keys or personal access tokens to access the repository. You shouldn't need to give any organizational-level keys to users.

Related

GitHub Personal Access Token Private repo scope

I am currently trying out Netlify function and using Netlify-cli to setup the CD. In the authorizing options, I picked the GitHub Personal Access Token and I want to know if the Full control of private repositories scope will include the private repos in the organization that I am apart of as I don't want it to access the repos in the organization.
The scope has a few implications and you should probably look at a user specific role for setting up access tokens without giving access to a user (yourself) as the owner of the org repositories you have.
Create a (machine) user that has access to only the one repository or repositories (private) that would limit the access to these repositories or an organization repository. Since private tokens have read/write access this is a prudent approach to making sure you're limiting access to other repositories using the token.
If at a later time this changes on Github, this will no longer be needed. It is the approach I have used to limit my exposure to a leaked token or access.

How to give someone access to a private repository while still allowing me to be the single owner?

I have project on Github of which I need help with. It started out as a personal project and now evolved to me incorporating a company and hiring someone. How can I give this person access so that they cannot delete anything and only I will be allowed to accept their code changes or not?
This is a personal github account and the repository is private.
Since the account is a personal account, you will be the owner unless you explicitly transfer ownership. Anyone you give access to will be a collaborator. They cannot access repository settings, add or remove collaborators, or delete the repository, for instance.
However, GitHub does not provide fine-grained permission controls for collaborators of repositories from personal accounts. You cannot prevent them from having write access. This help page provides a list of things collaborators can do in the repository.
You can (partly) achieve what you want by protecting your master branch and requiring reviews for pull requests.
For more fine-grained access control, you could create an organization account and transfer the repository there, and keep yourself as the sole user with admin permissions. You can then give your collaborator only read permissions.

How to setup Azure DevOps Repo Read Only Access

Objective: Allow different clients access to only read/pull from my private repo.
Overview:
Listed are the different options that I am aware of:
I could invite the clients and give them access to the Basic access level but do know what to have to pay for different users just to read/clone from the repo.
I could create a single user with Basic access level and then create git access tokens for them individually. However, I did not see a way to restrict the access tokens to be project/repo specific. Instead, the access tokens create had the same privileges as the created user.
Question: What is the best practice to provide access to an external user to only access the private Azure DevOps repo?
Note: I have seen this link and did not know if there were other options.
To make the user only have read access to all repos in one project:
You may consider making the user a reader instead of contributor or Project Administrators, so the user can have only read access to the repos in one project.
Organization Settings=>Users(General)=>Manage user=> select Project reader.
More details about project readers you can check this document.
To make the user only have read access to one special repos in one project:
We can control related permissions from Project Settings=>Repositories(Repos)=>Version Control Administrators:
Hope all above helps :)

GitHub how to give a user admin access based on repo's tags

Is it possible to give a specific user admin access to certain repositories in your organisation based on their tags?
I'm trying to give a member admin access specifically to several repositories (10+) related to a group of projects, but not all repositories. I can manually do that but I wonder if there's a more efficient way.
I haven't been able to find the answer anywhere.
I'm unaware of a way to grant permissions by repository tags, but a GitHub Team would be a good option for this.
Create a new GitHub Team, give it appropriate access to the 10+ repositories, and then assign the member admin to that team. They should then be able to administrate only the added repositories.

Restrict Github API access to only one repository of an user

We have an web application, which lets the user write code and store it in an internal git repository on our server.
Now we wanted to allow the user to share his code with his github repository. So we looked through the api documentation of github and found a way via ouath2.
However to make this work, we need to request write access from the user, but github oauth access scopes only include write access to all repository of an user, which is way too much for us.
Is it possible to restrict an api access for only one specific repository of an user?
As per jasonrudolph comment, it is not currently possible to restrict API access to a specific repository.
Deploy keys are the closest thing that provides this type of functionality. (This won't help you from an API perspective, but a deploy key might meet your underlying need.) If your application were to generate an public/private SSH keypair, and the user were to add the public key as a deploy key in the repository, then you could use the private key to access just that one repository (without having access to the user's other repositories).