Issue #4066 wontfix

Default Group Access on New Repository Creation

Shmuel Cohen
created an issue

It seems to that the default behavior of automatically attaching each and every group to a newly created private repository is wrong.

Here's my use-case: I have several projects that I've created. There exists a "developers" group and they automatically are given "write" permission (from the group) - I'm fine with that, however, now I'm bringing in a consultant to work on vary specific project - I create a "Consultants" group and add the consultant to that group. I now create a repository for his project - ok great, both the consultant group and developers group have write access. Now I create a new internal private repo for my developers - uh oh, the consultant is now given default access to the new repo - I understand that i can go into each repo and remove the consultant group (I really don't want them to have even read access to some projects).

I think it would be better to either have a "new repo creation" default list of groups that are automatically attached and/or force the repo creator to select which groups should have permissions to the repo when it is created so they made explicitly aware of who can have what access, if any to any repo.

Comments (3)

  1. Dylan Etkin

    Hi Shmuel,

    In the case you describe you should set the default access of the consultants group to None. Then when you have repos that you would like to give the consultant access to you should do that explicitly through the repositories access management in its admin section.

    The default access of groups is meant for your developers group (a group that you always want to have access). The one-off access should be handled at the repository level.

    I hope this clarifies things a bit. If I am misunderstanding the problem please let me know.

    Cheers,

    Dylan

  2. Shmuel Cohen reporter

    (Reply via sco...@softwaresecure.com):

    Thanks - that makes sense.

    My only question then would be: If the default consultant group was set to "none", would that group also get the email notification that goes out when a new repo (in general)? Or would they be "left off the new repo distribution email list"?

    Thanks!

    -----Original Message----- From: Dylan Etkin [mailto:issues-reply@bitbucket.org] Sent: Friday, May 18, 2012 11:53 AM To: Shmuel Cohen Subject: Re: [site/master] Default Group Access on New Repository Creation (issue #4066)

  3. Log in to comment