In GitHub or GitLab, to invite a collaborator, the administrator usually asks the collaborator's email.
Instead, how can the administrator allow anyone to request access through clicking a button on the GitHub / GitLab website?
I remember this was possible on at least one of these websites.
In GitLab, you can click on request access:
An email is sent to the most recently active project maintainers. Up to ten project maintainers are notified. Any project maintainer can approve or decline the request.
If a project does not have any maintainers, the notification is sent to the most recently active owners of the project’s group.
If you change your mind before your request is approved, select Withdraw Access Request
The OP Dean adds in the comments:
The maintainer can enable this by making the repo public but with visibility restricted to only project members.
With GitLab 15.8 (January 2023), that will trigger:
Create To-Dos for group owners on access request
Previously, access requests to a group appeared only in the Access requests tab in the Group members section.
Now, access requests also appear in the group owner’s To-Do List.
As a group owner, having access requests added directly to your To-Do List can help you manage your tasks more efficiently and add members quicker.
See Documentation and Issue.
And, still with See GitLab 15.8 (January 2023):
Create To-Dos for project owners on access requests
Previously, access requests to a project appeared only in the Access requests tab in the Project members section.
Now, access requests also appear in the project owner’s To-Do List.
As a project owner, having access requests added directly to your To-Do List can help you manage your tasks more efficiently and add members quicker.
See Documentation and Issue.
Related
I have an issue, I have a team (they are added into Github package's teams list with Write perm) of external developers, I want to restrict their ability to approve each other's PRs.
Meaning other team/users should be probably a different set of perms.
How can I do it? I wasn't able to find this on Github.
PS.
I tried adding this to .github/CODEOWNERS (also enabled require owner review)
* #company/company-devs some-special-developer
but #other_company/devs <- were still able to approve
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I am making a small Git / Github demo for first-time users and want to use Github Pages, for which I needed to create a new Github organization. During the 30 min I'll have to do the demo, users will need to create new Github accounts and join the organization. Since I'll have so little time, is it possible for users to request organization membership, rather than me having to invite each person manually by email lookup?
I've seen this before but only through third-party apps. Is there no way to do this directly within Github?
Directly with GitHub, I have seen no evidence of that feature.
Through third-party apps indeed, yes.
As an example: benbalter/add-to-org would automatically add users to an organization.
For smaller teams, this may not be possible. The feature that you have mentioned seems similar to user provisioning and is available for Enterprises through Okta /Azure Active Directory. This link has more details on the User Provisioning.
We want to set up a pool code review system where any developer can see a list of all pending code review requests and pick some to review. We're using Visual Studio Team Services.
As a first step, I need to allow the entire Project Collection Valid Users group to be added as reviewer of a pull request. (Currently the field seems to accept only users who are explicit members of the project team.) The second step is to grant read-access to all projects to all collection valid users.
The latter step seems to be answered by this answer.
But I'm completely stuck on making everyone a pull request reviewer. Is this even possible? If so how? (I'd prefer not to rely on a third-party extension if it can be done without.)
You can use below steps to make everyone as reviewers for VSTS pull requests:
Add an account level group to add all users as members for the group
In Security Page (https://account.visualstudio.com/_admin/_security) -> Create group -> input group name (assume it’s Engineering here) -> add all the users as members for the Engineering group.
Add the account level group (Engineering group) for each projects
In a project security page (https://account.visualstudio.com/project/_admin/_security) -> add the Engineering Group as a member for the project’s group or team.
Select the project team/group (which you add Engineering group as a member) for PR reviewers in the project
You can install Pull Request Dashboard extension to view the PRs clearly
You can install Pull Request Dashboard extension, so that users can view Pull Requests in the project by different kinds of categories: Request By me, Assigned To Me and Other Open Pull Requests.
By default, nothing like everyone, you can add as many people you want as reviewer.
We have quite a few repositories in our organization, and we are constantly adding more. We also have a few different teams - Superusers, Developers, Contractors, etc. I want every newly created repository to automatically assume default permissions, like Superusers get automatic admin access to the repo, Contractors group gets just read access, etc. Is it possible to set that up? Is there a setting somewhere that I missed? And if there's not a way to do that, is there a way to batch apply a permission for one group to all repos within an account?
Update June 2017: with nested teams, you now can associate permissions to sub-teams, which could help group of users to have the correct right regarding a repo part of the organization.
Original answer (Apr. 2016)
Is it possible to set that up?
I did not see a way through the native GitHub web GUI administration pages.
And "permission" is deprecated when creating a team.
What you could consider though is a webhook listening for a an event, like a repository event.
That script listening to the event could then use the Team API to update the permission of the teams (according to their names) for the newly created repo.