When you invite collaborators to join your repository or when you create teams for your organization, you have to decide what each collaborator/team is allowed to do.
You can assign teams different levels of permission for each unit (e.g. issues, PR’s, wiki).
Visibility of your repositories is in general inherited from your profile. So other user can only see your repositories, if your profile is public.
If you want to limit visibility access to your repositories you can set your user visibility in the user privacy settings to Limited. Even if your repository is public, non-contributors will get a 404-error if they try to access your repository.
There are four permission levels: Read, Write, Administrator and Owner.
The owner is the person who created the repository.
The table below gives an overview of what collaborators are allowed to do when granted each of these permission levels:
|View, clone and pull repository||✅||✅||✅||✅|
|Contribute pull requests||✅||✅||✅||✅|
|Push to/update contributed pull requests||✅||✅||✅||✅|
|Push directly to repository||❌||✅||✅||✅|
|Merge pull requests||❌||✅||✅||✅|
|Moderate/delete issues and comments||❌||✅||✅||✅|
|Force-push/rewrite history (if enabled)||❌||✅||✅||✅|
|Add/remove collaborators to repository||❌||❌||✅||✅|
|Configure branch settings (protect/unprotect, enable force-push)||❌||❌||✅||✅|
|Configure repository settings (enable wiki, issues, PRs, releases, update profile)||❌||❌||✅||✅|
|Configure repository settings in the danger zone (transfer ownership, delete wiki data / repository, archive repository)||❌||❌||❌||✅|
The permissions for teams are quite configurable. You can specify which repositories a team has access to; therefore, you can specify for each unit (Code Access, Issues, Releases) a different permission level.
Each unit is configured to have one of these 3 permission levels:
- No Access: Members cannot view or take any other action on this unit.
- Read: Members can view the unit, and do standard actions for that unit (See the Read column under Collaborators).
- Write: Members can view the unit, and execute write actions that unit (See the Write column under Collaborators).
When a team is configured to have administrator access, when this is specified, you cannot change units. The team will have admin permissions (See the Admin column under Collaborators).
Currently, there are six units that can be configured:
- Code: access source code, files, commits, and branches.
- Issues: organize bug reports, tasks, and milestones.
- Pull Requests: access pull requests, and code reviews.
- Releases: track the project versions and downloads.
- Wiki: access and write documentation.
- Projects: access and manage issues and pull requests in project boards.
There are also two units which can be toggled:
- External Wiki: access to external wiki.
- External Issues: access to the external issue tracker.
A team can be given the permission to create new repositories. When a member of such team creates a new repository, he/she will get administrator access to the repository.