Is there a way to grant permission in Gitlab so that a person or role only has access to a Wiki? No issues, no source, etc.
Not quite.
See the GitLab permissions docs.
The lowest level you can assign is Guest, which can:
Create issues
Download and browse job artifacts.
View wiki pages
But guest cannot access source code.
Related
We have a self-managed Gitlab instance of Community Edition. For security reasons, we want to limit some permissions like adding/removing project members. But it seems once a user becomes Owner, he/she has all the permissions that an Owner should have.
Is it possible to disable some of the permissions? Does the Enterprise Edition have this feature?
What are the best practices for accesses permission for programmers working in Azure DevOps? I would like the programmers to be able to use it, by for example having the possibility to create branches.
As far as I can understand by reading documents such as
https://learn.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops#git-repository
The only permission needed is a contributor? Is this correct or have I misunderstood the whole thing? The organization I’m working for have for example set the contributor to be a member of :
Build Administrators, Endpoint creators, Release Administrators
Creating users is different thing and assining rights is different thing. Your are looking for something named Policies.
Check for Branching policies in this case.
EDIT:
I was confused with the branching rights, however you can follow the Repository Permissions and Branch permissions to find how you can give permissions on your projects to users
You need to navigate to project settings and then to repositories. there you will find list of repositories and each repo can have certain rights assigned to it. some are inherited, some assigned. You can modify those to fit your likings.
this is the url: https://dev.azure.com/org_name/project_name/_settings/repositories
For more details, follow this link: https://learn.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops
thanks for you quick answer. Have digged into the documentation and repository permissions. I gave definitely som insight. My concern is that I want a predefined setting for managing the code repository on a team level, thus would no want to give project permission to the programmers. In my azure devops setup I have only on organization with hundreds of teams.
As I understand it, the permission for the repos are set at the project level. I would like to minimize the project level access since it gives to wide accesses in other cases and other teams. So my hope was that giving programmers contributor access would give the more or less all needed access for the repos out of the box. Such as:
1. Clone, fetch, contribute to pull requests, and explore the contents of a repository
2. Contribute to a repository, create branches, create tags, manage notes
Do not really understand why more access are needed. But could for example give the security control to the build admin role by granting the access to change permission. In this case the ones with build amdnin could adminitrate the security for its own team repos.
Any thoughs on this? Apologize if I have misunderstood you answer...
I have this team project in Azure DevOps (previously known as VSTS):
$\TempProjectA
I have this developer that can log into Azure DevOps and develop code:
username: first_developer#example-company.com
password: *****
I have this group that is called SingleFileReaders, and I've added first_developer#example-company.com to this group.
Then using Visual Studio's Source Control Explorer, I've browsed to $\TeamProjectA\FileToBeShared.java, right clicked on it, using Advanced menu I managed to get to Security pop-up. And there, I allowed the read option.
Now I login as first_developer#example-company.com into Visual Studio, but I don't see that file. In fact, I don't see TeamProjectA. What should I do?
You Should add the developer to the Project Team members, with contributor role.
Follow here, Since the UI is changed there are some difficulties to find the securities/adding user configuration in Azure DevOps
Security
Contributor role to access the Source codes
For anyone who's stuck in this point, the trick is to give View project-level information permission to your role/user first. Using built-in roles is not helpful as they have permissions much more than what I wanted. They give access to all files, at least read-only permission.
I need to add some Check-In policies to a bunch of machines. When I go to Project Settings -> Source Control I can get into the options fine, but I know I have higher permissions than most, but when I try to add them on other developers machines I get an access denied message.
Is there a way that I can roll out check-in policies to all machines and have the client "install" the policy regardless of permissions? I don't want to grant people higher access and then have to take it away.
Also, with access to Source Control settings being denied would this still run the policy as expected?
Edit: I have read that TFS Power Tools has this ability. If people are part of the same team / group, how does it automatically download the files? Or does the developer have to do a Get Latest? Source: http://www.codewrecks.com/blog/index.php/2010/12/04/distributing-visual-studio-addin-for-the-team/
Decided to have a DLL in a single location and roll out the registry keys via a batch file.
I am trying to give a designer access to specific folders within an Azure website I have. I would like for the designer to have access via FTP. However, according to this post, having multiple FTP user accounts on the same Azure website is not possible and the accepted answer suggests coming up with a "different way to manage" the website. This means that if you want collaboration on an Azure website, you have to share the entire directory structure. Please correct me if I am wrong.
I know you can download the Publish Profile settings from Azure as seen on this post. This does not solve the issue as the publish profile simple gives you the FTP credentials for a specific website (instead of all of your Azure websites) but still does not provide the option to create new FTP users with limited directory permissions.
So, my question is: is there some way to edit the Publish Profile settings when they are downloaded so folder access is limited? If not, what methods have you used for website development collaboration on Azure where certain folders should be hidden and protected?
For collaborative work with Azure Websites, you can enable source control. This includes tfs, git, dropbox, bitbucket, and codeplex. Dropbox is not the best collaborative tool, as it's not designed to be a version control system, but it's very convenient.
If you have a repository with any of the abovementioned providers, you can now give your designer their own account with the version control system.
You guys are right about using a source control system like GitHub instead of trying to provide access by creating a second FTP user.
Others have asked this question - not in the context of azure though.
This post talks about using submodules on github to give a contractor access to a subfolder and all folders / files under that sub folder.
SO - I believe linking azure to github would be necessary and then from there, creating and managing submodules from github would allow for collaboration. I believe a required aspect of this would be to have a private repo on github for the main repo. All of the files in the repo would otherwise be available for forking which would defeat the entire purpose of maintaining some discretion on access rights in the first place.