Restrict Repository Access and Visibility in a GitHub Organization

[arjungoel]

Hi everyone,

We have a GitHub Organization under our Enterprise account, with a total of 9 members divided into three teams: frontend, backend, and database.

I need to configure access in such a way that only a specific individual or a team (which includes that individual) can access all repositories or only specific ones within the organization. All other members should not even be able to see the existence of other repositories that they are not permitted to access.

How can I achieve this functionality within GitHub? Please suggest the best approach to enforce these access restrictions effectively.

[mecodeatlas]

Thanks for posting in the GitHub Community, @arjungoel!

We're happy you're here. You are more likely to get a useful response if you are posting your question in the applicable category, the Discussions category is solely related to conversations around the GitHub product Discussions. This question should be in the Enterprise category. I've gone ahead and moved it for you. Good luck!

[queenofcorgis]

Hey there @arjungoel,

I was just studying this as I prepared for my GitHub Foundations Exam! Private repositories are only accessible and visible to you, people you explicitly share access with, and, for organization repositories, certain organization members.

You could create a team for people who need to have access/visibility to all repositories, make the repositories you don't want visible in your organization private, and then only invite teams that need to know about the repository. Teams can also be secret, secret teams are only visible to the people on the team and people with owner permissions.

Some docs that may help:

• Managing teams and people with access to your repository
• About teams

[arjungoel]

Hi @queenofcorgis,

I figured out a way to fine-tune access control in GitHub at the Organization Level. Here’s how you can manage permissions effectively:

1. Default Repository Permission:

• Go to Organization Settings → Member privileges → Base permissions
• Set it to No permission to prevent members from automatically having read access to all repositories.

2. Teams and Groups:

• Create teams under Organization Settings → Teams and assign repository-specific permissions.

I replicated the same at my end and I was able to restrict repositories access to a set of people under the teams, however it is still not possible to restrict the access to a specific user who is part of organization's team.

[wl-spaceline]

But even with "No permission" all members can still access to Internal repositories. Is that correct?

So, if I really want to select how can access to certain repositories, I have to make these repo private and assign people / teams with roles. Am I missing something?

[mecodeatlas]

Hey @arjungoel 👋
We're going through our unanswered discussions, I know it has been a while, but I wanted to check and see if you were able to get this solved?

[arjungoel]

@mecodeatlas yes and I have shared the steps above for the same.