Say I make an organization, and set someone else to owner. Will they be able to remove me from that organization? Or are there special elevated perms for the "original" owner?
I'm not sure if StackOverflow is even the right place for this question, but I haven't been able to find anything about this online.
Yes, once you make a user owner of your organization, user gets all the permissions as you. So, user can remove you from organization.
Github can't recognize you as Original owner. There are only two possible roles, OWNER and MEMBER.
Depends what you want to do. If you want them to be able to add/remove other members without giving over full organisation access you try to add a team, add the repositories you want to that team with write access, then make the user a "maintainer" of the team which should allow them to add/remove users and therefore manage write access to particular repositories.
https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization
Related
I am a part of a GitHub organization. I created a private repository inside this organization. Now, I see that all members of the organization get read access to it by default; however, I only want to collaborate with a few of them and do not want others to have any access to the content of this repository at this point in time. Is it possible to do so?
This is possible.
WIth teams
First, the base permission of an org must be set to No permission. Then you need to make a team with the people you want to have read access or higher. Then you need to add the team and give them the access level you want them to have on the Collaborators and teams page in the settings for the repository.
Without teams
First, the base permission of an org must be set to No permission. Then go to the Collaborators and teams page in the settings. Then add the users you want to have access to the repository and give them the access level you want them to have.
We've been using Azure DevOps but I'm wondering what the Organisation Owner does? Do they have extra permissions in Azure DevOps or is it just a 'for info' type field so people know who to speak with about any DevOps queries / change requests with the setup.
Thinking ours may need to change but just looking to see what the impact is in changing that - i.e. what permissions would the existing person lose (and what would a new person gain) if that was to change to someone else.
Generally, there aren't extra permissions for the owner account, so, just feel free to change owner. For the new owner, he has the admin permission.
On the other hand, you may just add the new user to Project Collection administrators group, then this new user will has admin permission too.
From the docs
An administrator or organization Owner can give you access to select
features or functions, or change your permissions. In this article,
learn how to look up administrators or organization Owners.
and here are the rights or things that organization owner can do.
Generally, as an organization Owner, you are the administrator of your DevOps service and you have super permission. You can manage your project, includes:
Add users to your project
Grant or restrict permissions
Share your project vision and support collaboration
Remove unused services from the user interface
Set code, test, and other policies
Define area and iteration paths for work tracking
Customize work-tracking processes
Review and update notifications
Add teams to scale your organization
Install and manage extensions
Set up billing
Detailed information, you can refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/user-guide/project-admin-tutorial?view=azure-devops
I am trying to understand the complete purpose of organisations in ADO. What I have understood is that an organisation groups projects, defines resources, extensions, billing, etc. that is related to the organization.
I am struggling with the user part of an organization. I can add users to an org giving them an access level. But I can also add users directly to a project without adding them to an organization at all.
What is then the consequence of this? Is then access level by default stakeholder for those users?
Thank you
You can add people to projects instead of to your organization. Users
are automatically assigned Basic features if your organization has
seats available, or Stakeholder features if not.
For this please refer to the Note of this document.
When you add members to projects and you don't have billing set up, Basic access is automatically assigned, until you run out of seats available. When you add members to projects and you do have billing set up, Basic access is assigned only if your default access level is set to Basic. Otherwise, project members are assigned Stakeholder permissions.
You can refer to Add members to projects or teams for details.
If you add an user to a project that user will be added to the organisation as well. At least when the said user first logs in. The user will get the access level you define as default.
Is it possible to limit who can create repositories in a Github organization. From this article: https://help.github.com/en/enterprise/2.14/user/articles/restricting-repository-creation-in-your-organization it seems like the options are basically owners or everyone. Is there a middle ground?
Making someone a Github owner is a serious permission so we really don't want to give that out just so that someone can make a repo. On the other hand allowing everyone in the organization the ability (contractors, non-technical, read-only roles) the permission to make repos seems too broad.
Has anyone come up with a better solution for this?
One workaround would be to setup a webhook.
That means having a listener for a repository event, which does include the owner: If said owner is not part of an admin list, the listener could:
send back an email to the owner of the newly created repostory, explaining that creation has been denied
delete the repository (through the GitHub API)
Is it possible in GitHub enterprise to arbitrarily add a user to an organization if you are a site administrator. I am evaluating the software, but cannot seem to do this reliably. A site admin who is not themselves part of an organization cannot pull up the organizations dashboard, nor see which users are part of it, although they can view and contribute to the repositories within (in a round about way). I know that it is possible to impersonate a non-admin user, but you would have to know who already is a part of that organization to do this, which is hidden. There has to be a better way because what if some nefarious employee and removed everyone but themselves. The organization would effectively be orphaned.
Thank you
I think I have found where all the members are, under "Members & Teams", duh. I can usurp their account and make myself an owner if needed. Seems cumbersome though.
You most likely want ghe-org-admin-promote