Can I give read-only access to a private repo (from a developer account)?

+1 for this as a feature request.

I assumed this was possible, but couldn’t figure out how to do it, and ended up here after googling and now learning that it’s not possible.

Not being able to differentiate read-only vs. read/write access when selectively sharing something private seems to me to be somewhat of a departure from the common practice of other web services.

Hi there,

any updates on this?

I have the same requirement as others that reply to this topic.

I want to add users to my private repo, but I want them to contribute only using PR, not by committing directly.

I’m sure that not only I have such a requirement.

This feature request is from ‎12-11-2017, so it is taking forever :disappointed_relieved:

Hi @misiu,

You should be able to use branch protection and codeowner rules to accomplish the goal of preventing users from committing without a pull request. Does this accomplish what you’re looking for?

Thanks!

1 Like

Sorry, but this issue is not solved.

This is a tremendous security issue! Especially since Github is promoting the idea of machine users for servers which need to access multiple private repositories, it makes sense to allow for collaborators to be read-only. As the documentation says as a PRO: “Anyone with access to the repository and server has the ability to deploy the project.” -> meaning anyone with access to the machine user account or the server can deploy and break all other servers (yes, we live in a world with cloud computers where we may have multiple instances running at the same time, accessing the same repos).

Clone, fork, fine but not push. That should be read-only by default for any collaborator!

8 Likes

+1 to read only access rights for a private repo

For those who cannot post professional code publically, temporary read-only access to private repos would be a perfect way to share code during the job search process. Allowing prospective employers a view of your work, without allowing them access to the code. I am really surprised this has not been implemented. Perhaps I am just missing another way to achieve this? 

7 Likes

+1. Useful feature for sharing in interviews and with potential collaborators.

Maybe the description of a private repo needs to be changed? I’m a workshop presenter with proprietary material I need to let people clone, but not commit. A private repo looked ideal when I read:

“Private
You choose who can see and commit to this repository.”

That gives the impression I can let someone see it, but not commit to it… which is what I need.

That is the reason I did this Google search because a company cannot view my repo since their company account did not have a Github account.

1 Like

also it would help to share code with Clients how have not paid their bill yet - Don’t want THEM cloning and owning. wowie zowie.

I don’t have GitHub Pro, so without a paid plan, I can’t set up this for a private repo.

Add me to the list of people wanting read only access to private repo’s. Right now you have to give read and write for access tokens.

+1 for making a private repo read only using only shared url

so don’t use github, that’s not meant to that :wink: Even without cloning they can download it. that’s not the way to do when sharing with customers before they pay.

+1 I desperately need this feature, though it’s starting to look like it will never be implemented.

I have private repos that will eventually become public. I need to let selected people view and make suggestions while they are still private, but I can’t risk having them be able to mess with the code. 

2 Likes

+1 Definitely need better security. I believe bitbucket has this capability.

Can we have this yet?

1 Like

Another +1 for read-only.

+2 (me and partner) for read-only feature for private repos

+1 to the “read-only” feature. This level of granularity can help a lot!

Is this feature added to the roadmap? Any progress updates?