1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues

Issues

Issue #7063 resolved

Admin users have access to all forks

Ryan Schumacher
created an issue

When using teams I would like my administrator group to have access to all forks of all repos owned by the team. Currently to access forks we have to log in as our team which is not ideal.

Alternative solution #7062

Comments (10)

  1. Nicolas Venegas

    Hi Ryan

    You can check the "can administer account" option for a group owned by the team and that will have those members of that group admin access to all repositories owned by the team.

    Let me know if that works for you.

    Cheers

    Nicolas

  2. Ryan Schumacher reporter

    Nicolas Venegas Brodie Rao Sorry I had replied via email, but it seems not to have been sent.

    "Yes this is the workflow we currently use but my developers fork our repositories and I cannot see the fork unless I log in as team owner. So currently if I wish to see the forks I must log in as my team account.

    Requiring my devs to use their 5 member limit is not a solution we are looking as as we want to encourage them to work on their own side projects without having to log in and out of personal accounts.

    I know you rejected my alternative suggestion so maybe this one can be refined to some solution.

    We are open to paying for the ability for our admins to view all forks so please don't let that be an issue. This is the only thing I am regretting not knowing when I moved from github."

    I am going to escalate the issues importance because now we have an issue with managing SSH keys and using the admin account and personal account.

  3. Brodie Rao

    Hi Ryan,

    I agree that the current behavior around this is confusing. This is something we're looking at improving.

    Just to make sure we're on the same page, let me confirm the issues involved:

    • You don't want users to have to create separate personal/work accounts.
    • You'd like team members to be fork team repos, and you'd like the team admin access to be inherited in the fork.
    • You don't want those forks to contribute to their personal account's plan limits.

    Is that right?

    To get things working right now, I recommend doing this:

    • Make sure your developers group has access to create repositories under the team account.
    • When developers fork repos, have them fork repos under the team account. They can put their username in the fork name (or maybe the name of the feature they're working on) to differentiate it from the main repo.

    This should make it so those forks don't contribute to their plan limits (since the repos are owned by the team account) and any admin groups who have access to the original repo should retain their access in the fork.

  4. Ryan Schumacher reporter

    Ahh I see yes that could achieve the goal I have. I will try this and see how it works out!

    Could I recommend this be default behavior of a fork of a private repo on a team account? It is exactly the behavior we are looking for and seems like it could limit security breaches. (Will move this thought to a separate feature request later)

    Ryan

    PS - the "Reply above this line" feature is not working. Have tried many times always have to fetch from sent mail and repost.

  5. Brodie Rao

    Hi Ryan,

    Glad to hear that the workaround is working for you.

    I've added an issue (#7285) for making that the default. You can watch it to get updates when there's new development around it.

  6. SoundCloud Challenges

    We are also having this problem which is very unfortunate :( the forks we have are from non-team members and team members need to have read access to these forks. This is not solved by the flow you described, unfortunately.

  7. Log in to comment