I have to think of a way to create an approval process on Bitbucket for repositories.
Before creating a repository, co-worker submits a ticket to get approval from manager to be able to get the "go-ahead create repository" or denied. Is this possible to do?
My manager notified it could be similar to submitting a ticket on Sharepoint.
I have not found any ways by trail and error or from using resources, so I am reaching out to see if anyone else had to do something similar.
Are you using Bitbucket Cloud or Bitbucket Server?
In either case, I don't believe there's a way to provide conditional, temporary permission to create a single repository of a specific name or team/project.
What I would do in your situation is to set up some kind of bot account (whether using a dedicated account, or a selected individual's account in combination with an app password/personal token) that could be triggered by your approval process and would create a specified repo and grant permissions to it to a specified user. Depending on the tools you're using it's a pretty open ended solution space, but the API calls for Bitbucket Cloud and/or Server should be reasonably straight forward to achieve this, so it's just matter of figuring out how you would trigger and run such an automation.
Related
My colleague submitted a pull request on a repository. I made a recommendation on renaming a function but I clicked "Approve with recommendations". However, from here I cannot do anything. I cannot "Complete" the pull request. The Complete button remains disabled.
We made a team and we gave the team Project Contributors. WHat else do we need to do? I've used Github for years and I cannot figure out why Azure DevOps UI is so terrible.
Do you have any merge conflicts in the pull request? Make sure to resolve them first.
Also, make sure that your user is not part of any group that has a Deny-policy possible overriding your Project Contributor rights.
Lastly, check the branch policies (link) to see if anything is hindering you from completing the request.
I asked this question on the github community support forum, but I'll ask this here too since no reply there...
I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.
There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.
We raised a support ticket on this so got a formal answer. I thought it might be useful to replicate the key part of the answer here. Essentially the issue is the fact this App has Admin rights. I am an Administrator on some of the repos, and am "App Manager" for this App, but I am not an Owner of the Organisation.
I quote:
"""GitHub App permission requests [control] access to a number of organization REST API endpoints... As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn't the case, App Managers who aren't organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members."""
Basically that is it. The original idea was to allow a central place to set some things that only an Administrator could set in a repo - c.f. branch rules. Seems that this can't be done as is with an App - the system just isn't flexible enough.
The alternative, which I know works, is to use the PAT of a user with Admin rights. That just feels less secure.
I want to know if there is a way to give access to a private repository to people who don't have a GitHub account. Like a link, app or integrating the GH account to some platform like Teams or Slack. The people I intend to share code with share a Microsoft Teams team with me and a corporation mail name#comapny.com. Secure an official suggestions only please.
If your goal is to give them access to clone a repository but not otherwise interact with it, then you can use read-only deploy keys to allow them to clone and fetch the repository via SSH.
Otherwise, if you need more access, then each user will need to have their own GitHub account. It's intentional that users need their own accounts to properly enforce access controls and 2FA policies and to permit users to block and report bad actors. GitHub does not permit accounts to be shared.
We use Visual Studio Team Services backed by Azure AD and want any user in our AD to be able to submit a feature or bug. I know some products like Jira allow this either through their issue collector or via email. It seems with VSTS the user has to be a stakeholder in the project or else they would receive a 401 (I tested with one user in our AD). Has anyone found a good solution or extension that allows AD users (or users external to the project) to submit features requests/bugs to a VSTS project? Or do we have to create something utilizing VSTS's REST API?
The user must be added to your VSTS, then he can submit a feature or bug work item. Regarding personal access token (can call Work item REST API), it is created by the user in your VSTS too, it is not recommended, because of the security issue and you don’t know who submit the feature or bug, it’s hard to manage.
We have quite a few repositories in our organization, and we are constantly adding more. We also have a few different teams - Superusers, Developers, Contractors, etc. I want every newly created repository to automatically assume default permissions, like Superusers get automatic admin access to the repo, Contractors group gets just read access, etc. Is it possible to set that up? Is there a setting somewhere that I missed? And if there's not a way to do that, is there a way to batch apply a permission for one group to all repos within an account?
Update June 2017: with nested teams, you now can associate permissions to sub-teams, which could help group of users to have the correct right regarding a repo part of the organization.
Original answer (Apr. 2016)
Is it possible to set that up?
I did not see a way through the native GitHub web GUI administration pages.
And "permission" is deprecated when creating a team.
What you could consider though is a webhook listening for a an event, like a repository event.
That script listening to the event could then use the Team API to update the permission of the teams (according to their names) for the newly created repo.