Repository Permissions

When you invite collaborators to join your repository or when you create teams for your organization, you have to decide what each collaborator/team is allowed to do.

You can assign teams different levels of permission for each unit (e.g. issues, PR’s, wiki).

Profile and Visibility

Visibility of your repositories is in general inherited from your profile. So other user can only see your repositories, if your profile is public.

If you want to limit visibility access to your repositories you can set your user visibility in the user privacy settings to Limited. Even if your repository is public, non-contributors will get a 404-error if they try to access your repository.

screenshot showing the updated README

Collaborators

There are four permission levels: Read, Write, Administrator and Owner.
The owner is the person who created the repository.

The table below gives an overview of what collaborators are allowed to do when granted each of these permission levels:

Task Read Write Admin Owner
View, clone and pull repository
Contribute pull requests
Push to/update contributed pull requests
Push directly to repository
Merge pull requests
Moderate/delete issues and comments
Force-push/rewrite history (if enabled)
Add/remove collaborators to repository
Configure branch settings (protect/unprotect, enable force-push)
Configure repository settings (enable wiki, issues, PRs, releases, update profile)
Configure repository settings in the danger zone (transfer ownership, delete wiki data / repository, archive repository)

Teams

The permissions for teams are quite configurable. You can specify which repositories a team has access to; therefore, you can specify for each unit (Code Access, Issues, Releases) a different permission level.

Each unit is configured to have one of these 3 permission levels:

  • No Access: Members cannot view or take any other action on this unit.
  • Read: Members can view the unit, and do standard actions for that unit (See the Read column under Collaborators).
  • Write: Members can view the unit, and execute write actions that unit (See the Write column under Collaborators).

When a team is configured to have administrator access, when this is specified, you cannot change units. The team will have admin permissions (See the Admin column under Collaborators).

Currently, there are six units that can be configured:

  • Code: access source code, files, commits, and branches.
  • Issues: organize bug reports, tasks, and milestones.
  • Pull Requests: access pull requests, and code reviews.
  • Releases: track the project versions and downloads.
  • Wiki: access and write documentation.
  • Projects: access and manage issues and pull requests in project boards.

There are also two units which can be toggled:

  • External Wiki: access to external wiki.
  • External Issues: access to the external issue tracker.

A team can be given the permission to create new repositories. When a member of such team creates a new repository, he/she will get administrator access to the repository.