permission management #144

Open
opened 2 months ago by rwa · 5 comments
rwa commented 2 months ago
Collaborator

We should have a section dedicated to permission management:

  • [x] project level permissions
  • [ ] org level permissions
  • [ ] managing of different groups within an org
rwa added the Kind: Documentation and Kind: Enhancement labels 2 months ago
n commented 2 months ago
Collaborator

Permissions are documented here, is there anything we can add to it?
https://docs.codeberg.org/collaborating/repo-permissions/

Collaborator

Hmm, we talked about it. I'm kinda confused about the supposed best-practice for managing organization-wide permissions in teams, as you can only give a team write-access and then repos to it, you can't say "This team gets read access here, and write there, and can write here but without editing the wiki" etc, so it'd be interesting how this should be achieved.

I kinda guess you'd have to create a team for everything, like put a person in collaborators, webdevs, product manager and project-xy-owner and then you give the collaborators read access to a repo, webdevs write access to the same repo, the product manager can also edit projects on repos they are in etc ... but never tried if this works out.

I find the org-level right management kinda confusing TBH, and it'd be really nice to look this up to not accidentally give people too much power (or, in my case, I have to reconfigure everything thrice until people got the permissions they need to take some action we wanted them to do)

Collaborator

I mean, the UI buttons are already explained in the docs, but if I wanted to know how I can do this, I'd read through all of it and I still wouldn't know what I'm supposed to do to have a group of people with certain rights.

(The main problem is: It's simply not possible AFAICT to have one group and assign them different access levels on different repos, so I'm actually asking to write a workaround in the docs)

Poster
Collaborator

I'm admittedly not very familiar with the details of group management in Gitea, because I haven't had a need for it so far.

I agree with @fnetx that some clarification on org level permissions and especially restrictions in group management would be a welcome addition.

n added the Status: Help wanted label 2 months ago
Collaborator

Yes, easily documenting the best-practice is the way to go, maybe not only covering the technical aspects but some social ones, like, what might be a good way to run your organization with minimum permission (and thus risk), but without cutting the workflow of users ...

relevant example of users who may have profited (not blaming, only referencing): Codeberg/Community#476 (someone in the team got too many permissions to remove a repo, although write access would probably have been enough)

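A sketch of the team-per-role layout discussed in this thread, added here as an example (not code from Codeberg, Gitea, or any participant). It models each team as one access level over a set of repos and compares what each member ends up with against what they need. Assumptions: a member's effective access on a repo is the highest level any of their teams grants; team names follow the comment above, while the users, repos and needs are constructed.

```python
# Added example with constructed data; not Codeberg's or Gitea's code.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# One team per role; each team carries exactly one access level (constructed).
TEAMS = {
    "collaborators":    {"access": "read",  "repos": {"project-xy", "website"}},
    "webdevs":          {"access": "write", "repos": {"website"}},
    "project-xy-owner": {"access": "admin", "repos": {"project-xy"}},
}
MEMBERS = {
    "alice": {"collaborators", "webdevs"},
    "bob":   {"collaborators", "project-xy-owner"},
    "carol": {"collaborators"},
}
# What each person needs for their work; anything unlisted defaults to read.
NEEDS = {
    ("alice", "website"): "write",
    ("bob", "project-xy"): "write",   # bob only pushes code
    ("carol", "website"): "write",    # carol was never added to webdevs
}

def effective_access(user, repo):
    """Highest level granted by any of the user's teams (assumed combination rule)."""
    granted = [TEAMS[t]["access"] for t in MEMBERS.get(user, ())
               if repo in TEAMS[t]["repos"]]
    return max(granted, key=LEVELS.__getitem__, default="none")

def audit():
    """Return (user, repo, effective, needed, verdict) for every mismatch."""
    findings = []
    repos = set().union(*(t["repos"] for t in TEAMS.values()))
    for user in sorted(MEMBERS):
        for repo in sorted(repos):
            eff = effective_access(user, repo)
            need = NEEDS.get((user, repo), "read")
            if LEVELS[eff] > LEVELS[need]:
                findings.append((user, repo, eff, need, "excess"))
            elif LEVELS[eff] < LEVELS[need]:
                findings.append((user, repo, eff, need, "blocked"))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding)
```

The "excess" row is the over-grant case referenced in the last comment (admin where write would do); the "blocked" row is the opposite failure, where someone has to be reconfigured before they can act.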