I've got an account for automated builds which should have access to every Github (Enterprise) repository owned by a particular organization. Is there a way to do this such that present and future repositories are automatically intercepted?
You have to set the user as an owner:
Go to the 'People' tab under your organization.
Find the user of interest. There are a number of columns, one of which has values such as 'member' or 'owner'.
Change this value for your user to 'owner'.
That user should now have contributor access to all repositories owned by the organization.
Related
I am a part of a GitHub organization. I created a private repository inside this organization. Now, I see that all members of the organization get read access to it by default; however, I only want to collaborate with a few of them and do not want others to have any access to the content of this repository at this point in time. Is it possible to do so?
This is possible.
WIth teams
First, the base permission of an org must be set to No permission. Then you need to make a team with the people you want to have read access or higher. Then you need to add the team and give them the access level you want them to have on the Collaborators and teams page in the settings for the repository.
Without teams
First, the base permission of an org must be set to No permission. Then go to the Collaborators and teams page in the settings. Then add the users you want to have access to the repository and give them the access level you want them to have.
Is there a way to list all repositories within an organization, created or contributed to by a specific user?
For concreteness, I am a member of the organization and I am the user in question.
The organization page has a ton of repos listed and I just want to see the ones that I made.
is there a way to limit new repositories creation for all users except for admins in an organization?
I found this article on Github, but this restricts the repository type. I am looking for a way to prevent users to create any new repository, unless an admin in the same organization approved.
Is it even possible with Github?
You were close to the solution. There is actually a link to another section in the documentation you shared named Enforcing repository management policies in your enterprise account with a specific section Enforcing a policy on creating repositories.
There, you'll see that you can choose whether members can create repositories in your organization.
Here is the step related to it:
As GitHub user I can create an organization. What i don't understand -- Is an organisation independent?
Is it a repositories container, that needs a (user) account it belongs to or
is it for itself an (organization) account GitHub user (and doesn't need any personal user account)? Is it then correct to say, that an organization is a "featured user" account -- an account with all the features of a personal user account (especially code management, commenting etc.) and some additional functionality?
The biggest difference between user accounts and organizations is team-based permissions for the repositories owned by the organization.
This means you can have team members under your organization and let them interact more aggressively with your repositories compared to plain contributors.
I'd say the concept of a GitHub organization is pretty independent from a plain GitHub user - they aren't the same thing. See for example how you can convert a user to an organization https://help.github.com/articles/converting-a-user-into-an-organization/
With that being said, organizations have what they call owners.
You can have multiple owners (i.e you can invite people to be owner of your organization along with you) but an organization cannot have zero owner.
For example, when you create an organization while logged under your account, the default first owner of the organization you just created is yourself.
Here's a more detailed list about the differences between a user and an organization
https://help.github.com/articles/what-s-the-difference-between-user-and-organization-accounts/
An organization is not a user, it doesn't have a password and you cannot log into an organization like you can to a personal/user account. But an organization can own repositories, which can be made accessible to actual persons/users who have passwords and can login.
I need to transfer a repository from a user account to an organization the user is a member of. Per GitHUb's docs, I need to make the user account an admin of the organization first.
GitHub's docs describe the different levels of access to an organization, but I can't find out how to actually change a user's level of access to an organisation.
How can I make the organization member an admin?
Access levels in GitHub are configured per Team inside the Organization.
Log into GitHub.
Switch your account context to the organization using the dropdown near the top-left of the screen:
Click on "View organization":
Click the Teams tab in the top navigation bar:
Decide whether you want to change the permissions of an existing team (and all of its members) or to create a new team for a single user.
If you are modifying an existing Team,
click on the Team name,
then click the gear icon at the top right,
then change the Team's access to Admin and
click Update.
If you are creating a new Team,
click the New Team button,
give the Team an appropriate name,
set its access to Admin and
click Create Team.
Team memberships have somewhat limited permissions scopes to individually named repositories.
If you want to set someone as an admin for the entire organization:
Navigate to the Organization > People
Identify the member you want to update and click on the settings cog
Set role to Owner
Update 2022: GitHub entitlements can help you define an IAM (Identity and Access Management) complete with audits.
2017: Note that since June 2017, you can apply an Admin access right to a sub-team (instead of one giant unique team as before)
See "Nested teams add depth to your team structure":
Child teams inherit their parent's access permissions, so repository permissions and #mentioning among nested teams work from top to bottom.
If your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access.
So that is another way to assign a user admin right: make him/her part of a sub-sub team called "admins" within an organization.
Official GitHub Documentation: Nested Teams.