Visibility levels
You can specify the visibility level of a code repository and group to limit access permissions.
Code repository visibility levels
Private: Only members within a code repository can view the repository information. Other users cannot access the path of the code repository.
Visible to Organization: Members within a specified organization can access the code repository.
Group visibility levels
Private: Only members in a specified group can view its subgroups and repositories.
Visible to Organization: Members within a specified organization can view its subgroups and repositories.
Code repository or group roles
You can configure different roles for members within a group or code repository to obtain corresponding permissions. Member roles include administrator, developer, and browser.
Code repository roles
You can assign the following roles to the code repository members: administrator, developer, and browser.
Administrator: reads, clones, pushes, and adds member permissions to the code repository.
Developer: reads, clones, and pushes the code repository.
Browser: reads and clones the code repository.
Group roles
You can assign the following roles to the group members: administrator, developer, and browser.
Administrator: configures and has all permissions on the code repository in the group and add group members.
Developer: reads, clones, and pushes all code repositories in the group.
Browser: reads and clones all code repositories in the group.
If a user is assigned different roles in a code repository and group, the role with the highest privilege level prevails. For example, a user is assigned the administrator role on the group "a" and the developer role on the repository "b". The final role of the user on the repository "b" is administrator.
Permissions
Code repository permissions
Operation | Browser | Developer | Administrator |
Browse a code repository | ✔️ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
Clone, pull, or download a code repository | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
Push a code repository, such as creating, uploading, or editing a code repository | ❌ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
View a commit | ️️️️️️️️️✔️ | ️️️️️️️✔️ | ️️️️️️️️️✔️ |
Comment a commit | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
Create a branch | ❌ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
View a branch | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
Delete a non-protected branch | ❌ | ️️️️️️️️️✔️ | ️️️️️️️️️✔️ |
Delete a protected branch | ❌ | ❌ | ❌ |
Forcibly push a protected branch | ❌ | ❌ | ❌ |
Create or edit a merge request | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
View or comment a merge request | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Approve a merge request | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Process a merge request | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Close or reopen a merge request | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Create or edit a tag | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Delete a tag | ❌ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
View a tag | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
View an activity | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
View the repository members | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Manage the repository members | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Edit a code repository, such as modifying its name, description, cover, or visibility level | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
High-risk operations on a code repository, such as modifying the repository path, and archiving, dearchiving, deleting, or transferring a code repository | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Manage the repository storage (repository GC) | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Configure a branch, such as modifying the default branch or editing a protected branch | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Configure a merge request | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Configure webhooks | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Configure key deployment | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Configure an integration service | ❌ | ❌ | ️️️️️️️️️️️️️️️️✔️ |
Manage code repository members
Add a member
Access a repository as the repository administrator. Click Members in the left-side navigation pane and then click Add Member. Search for a member by user name and then click Add in the Add Members pane.
Change the permissions of a member
Access a repository as administrator. Select a member from the list and then click the drop-down list in the Role column to change the member permissions.
Delete a member
Access a repository as administrator. Select a member from the list, and then click the removal option in the Actions column. The member is deleted after the second confirmation. Unless you are the repository administrator, you can exit the code repository.
Group permissions
Operation | Browser | Developer | Administrator |
View a group | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ |
Create a code repository | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | |
Create a subgroup | ️️️️️️️️️️️️️️️️️️✔️ | ️️️️️️️️️️️️️️️️️️✔️ | |
Edit a group | ️️️️️️️️️️️️️️️️✔️ | ||
Manage group members | ️️️️️️️️️️️️️️️️✔️ | ||
Delete a group | ️️️️️️️️️️️️️️️️✔️ |
To create or delete a code repository or subgroup in a group, you must configure global permissions.
Assume that code repositories or groups needs to be created.
If the global settings limit that only organization managers are allowed to create code repositories or groups, group administrators or developers other than organization managers are not allowed to create code repositories or groups.
If the global settings allow organization administrators and members to create code repositories or groups, group administrators and developers who are organization administrators or members can create code repositories or groups.