
Repository Permissions

RepoFlow offers granular control over repository access through its robust permissions system. This system allows workspace admins to specify who can access and perform actions within each repository, ensuring security and proper management of resources.

Types of Repositories

  1. Private Repositories:

    • Only users who have been explicitly added can access the repository.
    • Ideal for sensitive or internal projects that require restricted access.
  2. Public Repositories:

    • Accessible to all users, including those not logged in, based on the chosen permission level.
    • Suitable for open-source projects or publicly shared resources.

Permission Levels

RepoFlow defines three main permission levels to control access and actions within repositories:

  1. Can Read:

    • Users can read and download all content from the repository.
    • Provides basic access for viewing and using repository contents without making changes.
  2. Can Deploy:

    • Users can read and upload new versions of packages to the repository.
    • They cannot update (override) existing versions.
    • Suitable for developers and contributors who need to add new versions of packages.
  3. Can Manage:

    • Users can read, deploy, override, and delete packages.
    • Grants full control over the repository, including updating (overriding) existing package versions.
    • Typically assigned to admins or project leads.

Managing Repository Permissions

Only workspace admins have the authority to change repository permissions. When setting a repository to public, the admin must specify the required permission level (can read, can deploy, or can manage). Additionally, when adding users to repositories, workspace admins select the appropriate permission level for each user.

It is only possible to add users to a repository if they are already part of the workspace.

Setting Permissions

For Private Repositories:

  • Add users explicitly and assign them one of the permission levels (can read, can deploy, can manage).

For Public Repositories:

  • Set the repository to public and choose the default permission level that applies to all users.
  • The chosen permission level (can read, can deploy, or can manage) determines the actions available to public users, including those who are not logged in.

Best Practices

  • Regularly Review Permissions: Ensure that user permissions are up to date and align with their current roles and responsibilities.
  • Use Least Privilege Principle: Assign the minimum required permission level to users to perform their roles.
  • Monitor Access: Keep track of repository access and actions to identify any unauthorized activities.
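
A permission review of this kind can be scripted once the settings are written down as data. The following is an added example, not RepoFlow code: the inventory layout, the action names, and the `needed` map of role requirements are assumptions made for illustration, and the sample data is constructed.

```python
# Added example: models the permission rules described on this page over a
# constructed inventory. The data layout is an assumption, not a RepoFlow export format.
LEVELS = {"read": 1, "deploy": 2, "manage": 3}
# Minimum level each action needs, per the Permission Levels section.
REQUIRED = {"download": "read", "upload_new": "deploy",
            "override": "manage", "delete": "manage"}

def is_allowed(level, action):
    """True if a permission level permits the action (None means no access)."""
    return level is not None and LEVELS[level] >= LEVELS[REQUIRED[action]]

def anonymous_level(repo):
    """Level a user who is not logged in gets: the public default, or none."""
    return repo["public_level"] if repo["visibility"] == "public" else None

def audit(repos, needed):
    """Return (repo, subject, finding) tuples for a least-privilege review.

    needed maps (repo, user) to the level that user's role requires (reviewer input).
    """
    findings = []
    for repo in repos:
        name = repo["name"]
        anon = anonymous_level(repo)
        writable = [a for a in REQUIRED if a != "download" and is_allowed(anon, a)]
        if writable:
            findings.append((name, "public", "anyone can: " + ", ".join(writable)))
        for user, level in repo["grants"].items():
            want = needed.get((name, user))
            if want is None:
                findings.append((name, user, "grant has no documented need"))
            elif LEVELS[level] > LEVELS[want]:
                findings.append((name, user, f"has {level}, needs only {want}"))
    return findings

# Constructed sample inventory (hypothetical repository and user names).
REPOS = [
    {"name": "internal-npm", "visibility": "private", "public_level": None,
     "grants": {"alice": "manage", "bob": "deploy", "carol": "read"}},
    {"name": "oss-mirror", "visibility": "public", "public_level": "deploy",
     "grants": {}},
]
NEEDED = {("internal-npm", "alice"): "manage", ("internal-npm", "bob"): "read"}

if __name__ == "__main__":
    for finding in audit(REPOS, NEEDED):
        print(*finding, sep=" | ")
```
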

By leveraging these permission settings, RepoFlow helps you maintain a secure and well-managed environment for your package repositories, enhancing both collaboration and security across your projects.