Why Repository-Level Access?
- Confidentiality: Restrict access to sensitive projects
- Compliance: Meet regulatory requirements
- Organization: Align access with team structure
- Security: Limit exposure of security findings
Default Access
By default, all organization members have access to all repositories. Enable Repository Access Control to restrict access:
Organization Settings → Security → Enable Repository Access Control
Grant Repository Access
1. Navigate to Repository Settings: Repository → Settings → Access
2. Add Collaborator: Click Add Collaborator
3. Select User or Team: Choose individual users or teams
4. Set Permission Level: Choose permission:
   - Admin: Full repository control
   - Write: Manage findings, run scans
   - Read: View-only access
5. Save: Click Grant Access
Permission Levels
Admin (Repository)
Can:
- Configure repository settings
- Manage access control
- Run and configure scans
- Manage all violations
- Delete repository
Write
Can:
- Run scans
- Assign violations
- Suppress violations
- Comment on violations
- Generate reports
Cannot:
- Change repository settings
- Manage access control
- Delete repository
Read
Can:
- View violations
- View scan results
- View reports
- Comment on violations
Cannot:
- Run scans
- Assign/suppress violations
- Modify anything
Team-Based Access
Grant access to entire teams instead of individual users:
- Easier to manage at scale
- Access follows team membership
- Clear ownership structure
- Simplified onboarding/offboarding
Access Inheritance
Final access is the combination of organization role and repository permission:

| Org Role | Repo Permission | Effective Access |
|---|---|---|
| ADMIN | Any | Admin (org-level ADMINs always have full access) |
| USER | Admin | Admin |
| USER | Write | Write |
| USER | Read | Read |
| USER | None | No access |
Organization-level ADMIN role members bypass repository-level restrictions and always have admin access to all repositories.
Managing Access at Scale
Bulk Grant Access
- Organization Settings → Members → Select user
- Click Repository Access tab
- Select multiple repositories and set permission level
- Grant access to all selected repositories
Reviewing Access
Audit Repository Access
Regularly review who has access:
- Open repository → Settings → Access
- Review all users and teams with access
- Verify permission levels are appropriate
- Remove users who no longer need access
Access Reports
Generate access reports for compliance:
Organization Settings → Reports → Access Report
Shows:
- Who has access to which repositories
- Permission levels
- Last accessed date
- Access granted by whom and when
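The Access Inheritance table and the review guidance above can be applied to an access list mechanically. The following Python script is an added example, not part of the product: the CSV column layout, the sample rows and the 90-day staleness threshold (one quarter) are assumptions made for illustration.

```python
import csv
import io
from datetime import date

RANK = {"None": 0, "Read": 1, "Write": 2, "Admin": 3}

def effective_access(org_role, repo_permission):
    """Combine org role and repo permission as in the Access Inheritance table."""
    if org_role == "ADMIN":
        return "Admin"  # org-level ADMINs bypass repository-level restrictions
    return repo_permission if repo_permission in RANK else "None"

# Constructed sample. The column layout is an assumption, not the product's export format.
SAMPLE_REPORT = """user,org_role,repository,repo_permission,last_accessed
alice,ADMIN,payments-api,None,2024-05-28
bob,USER,payments-api,Admin,2024-05-30
carol,USER,payments-api,Write,2024-01-10
dave,USER,payments-api,Read,2024-05-01
erin,USER,payments-api,None,
"""

def audit(report_csv, today, stale_days=90):
    """Return (user, repository, effective access, findings) for each row."""
    results = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        access = effective_access(row["org_role"], row["repo_permission"])
        findings = []
        # An org ADMIN without an explicit Admin grant still has full access.
        if row["org_role"] == "ADMIN" and RANK.get(row["repo_permission"], 0) < RANK["Admin"]:
            findings.append("org ADMIN bypasses repository restriction")
        if access != "None":
            last = row["last_accessed"]
            if not last:
                findings.append("access granted but never used")
            elif (today - date.fromisoformat(last)).days > stale_days:
                findings.append("no access in over %d days" % stale_days)
        results.append((row["user"], row["repository"], access, findings))
    return results

if __name__ == "__main__":
    for user, repo, access, findings in audit(SAMPLE_REPORT, date(2024, 6, 1)):
        print(f"{user:6} {repo:13} {access:6} {'; '.join(findings) or 'ok'}")
```

Rows with findings are candidates for the quarterly review: confirm that each org-level ADMIN still needs that role, and revoke grants that are no longer used.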
Best Practices
- Enable repository access control for sensitive repos
- Use teams for easier management
- Grant least privilege: minimum required permission level
- Regular reviews: quarterly access audits
- Revoke promptly: remove access when no longer needed
- Monitor access logs: track who accesses what
Troubleshooting
User can’t see repository:
- Verify repository access control is enabled
- Check user has explicit repository access or team membership
- Organization Admins should always see all repositories
- Check both organization role and repository permission
- Effective access is the combination of both
- Verify you have Admin access to the repository
- Only repository admins and org admins can grant access
