I want to know if there is a way to give access to a private repository to people who don't have a GitHub account. Like a link, app or integrating the GH account to some platform like Teams or Slack. The people I intend to share code with share a Microsoft Teams team with me and a corporation mail name#comapny.com. Secure an official suggestions only please.
If your goal is to give them access to clone a repository but not otherwise interact with it, then you can use read-only deploy keys to allow them to clone and fetch the repository via SSH.
Otherwise, if you need more access, then each user will need to have their own GitHub account. It's intentional that users need their own accounts to properly enforce access controls and 2FA policies and to permit users to block and report bad actors. GitHub does not permit accounts to be shared.
Related
I have an issue, I have a team (they are added into Github package's teams list with Write perm) of external developers, I want to restrict their ability to approve each other's PRs.
Meaning other team/users should be probably a different set of perms.
How can I do it? I wasn't able to find this on Github.
PS.
I tried adding this to .github/CODEOWNERS (also enabled require owner review)
* #company/company-devs some-special-developer
but #other_company/devs <- were still able to approve
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I am making a small Git / Github demo for first-time users and want to use Github Pages, for which I needed to create a new Github organization. During the 30 min I'll have to do the demo, users will need to create new Github accounts and join the organization. Since I'll have so little time, is it possible for users to request organization membership, rather than me having to invite each person manually by email lookup?
I've seen this before but only through third-party apps. Is there no way to do this directly within Github?
Directly with GitHub, I have seen no evidence of that feature.
Through third-party apps indeed, yes.
As an example: benbalter/add-to-org would automatically add users to an organization.
For smaller teams, this may not be possible. The feature that you have mentioned seems similar to user provisioning and is available for Enterprises through Okta /Azure Active Directory. This link has more details on the User Provisioning.
My personal GitHub account is a member of an organization account which can create private repositories, and of which I am also an owner (but with a different username). I am trying to create a private repo while logged in from GitHub Desktop while logged in to my personal account. However, the private repository option is disabled, even after I choose the organization as the owner, as shown below.
So I have to log in to the organization account before the private option is enabled.
I can create a private repo normally from a browser, however.
Other following operations (e.g. commits) seem to be fine once I get the write permission.
So do I miss a step here? Or is this intentionally disabled in GitHub desktop?
Considering organizations only proposes private repos under a paid plan, maybe your personal account is not associated with a private account, while your other account owner of the organization is.
The web interface might have (on GitHub side) all the information to link the two accounts, but GitHub Desktop might not (locally) have that same information and might lack the API to query it.
I'm part of a GitHub organization developing a FOSS project. I'd like to run CI tests on Windows using AppVeyor. Currently I see my own fork of the project, and some other forks from people who have named me collaborator in GitHub. I don't see the upstream of the project, though. Apparently me being an administrator of the GitHub organization isn't enough to offer access to it in AppVeyor. But probably setting this up under my account would be the wrong approach anyway. Probably this should be under the name of the organization.
Towards that end, I'd like to have an AppVeyor account for this organization, with suitable permissions for its members. Reading http://www.appveyor.com/docs/team-setup it sounds as if AppVeyor could distinguish between users (with unique email and password) and accounts (to which projects belong), and a single user apparently can belong to multiple accounts while one account can have multiple users with different roles. In that sense, I'd like to create a new account without creating a user for it. Instead I as an existing user, identified by GitHub login, would like to become the first administrator of this new account, and ready to change settings and add more users. How do I do this?
You can't create a new account without a user. Just use some your email/password to create an account, then add existing user as collaborator.