Can I give read-only access to a private repo (from a developer account)?

In a private repository, repository owners can only grant write access to collaborators. Collaborators can’t have read-only access to repositories owned by a user account. More information about permission levels for a repository owned by a user account can be found here:

https://help.github.com/articles/permission-levels-for-a-user-account-repository/

Having said that, I know that we’ve heard users request these kinds of granular permissions before, and I’ll add your +1 to that existing feature request.

@FirstPrinciples-AI wrote:

I don’t want to give fork/clone/download rights. 

It’s worth noting here that cloning a repository is a central operation in the collaboration model that GitHub provides. For example, the read-only access that we currently offer to GitHub Organizations still allows users to both clone and fork the repositories that they have permission to read:

https://help.github.com/articles/repository-permission-levels-for-an-organization/

With all of that in mind, I believe that it’s unlikely that we’ll change our permission model to disable the ability to clone a repository that someone has read access to; even if we do allow for read only access to private repositories owned by user accounts in the future. 

60 Likes

Dear GH Team

Any plans to implement private repo access restriction for collaborators to read-only + pull-request? I want collaborators on my private (user) repo(s) put don’t want to allow them direct push… Where is this feature on your roadmap?

Thanks
Stanisław

49 Likes

Hi @sfindeisen,

Thanks for this feedback! We’re always working to improve GitHub, and we consider every suggestion we receive. I’ve logged your feature request in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Cheers!

18 Likes

Using protected branch ( especially for master) will give you some options, such as requesting members with write permission review to the changes before merging. You can also enforce the need for owner review. I did not tried protected branches with private reops before but I think it would be the same as the public repos.

1 Like

@waleedmortajaThis is not exactly what you need.

  • 1 it would be nice to have possibly give a look at the private private repository.
4 Likes

+1 from me.
I would like to be able to invite someone to “ONLY look” at a private repo.

21 Likes

+1

Would be extremely helpful in corporate environment.

5 Likes

+1 

I’m trying to use Github as a place to keep my work and show potential employers. Would love to still have the ability to make it private and just give people access to view.

8 Likes

+1 - I have a couple of private repositories I want to share with friends but I don’t want them to be able to write to them.

5 Likes

+1 Extending this string, because of the work I do with public repos, it would be nice to be able to directly invite people to watch some public repos directly through github (as opposed to email or twitter), without giving them write access.  Maybe this is already possible?

1 Like

+1 on read only access
The ability to view and not modify a private repository would be very valuable to our organization. 

2 Likes

I just went to add a collaborator to a private project with read-only access and was surprised that I couldn’t do it. 

4 Likes

+1 I want to show the code I have done from edX courses to potential employers, but I can’t make them public due to edX’s honor code, It would be usefull to have a way of granting by an URL, view only permission to a private repository, just like in google drive for example.

3 Likes

Having more granular control on private repos for individual users is a must. Sure if they can read it they should be able to clone/fork but i want to disable specific users ability to push with out a propper pull request. Same with branching. Really should be able to have same functionallity as public for private, just we control the viewers.

Thank you,

Joshua Dooley

9 Likes
  • 100

Working with a colleague overseas that I want to be able to give access to pull my code (for reference/educational purposes), but not to be able to push.

6 Likes

+1

That’s kind of an obvious need in my view.

My specific situation is I’m freelancing and want to give read access to my client.

6 Likes

+1 From a security standpoint, we’d like to have a ‘read only’ user who can pull to keep our software up to date on hardware. However, we don’t want to worry about someone getting hold of one of these devices and having access to push data (and infect all other devices)

50 Likes

Hi @stridera,

As @nickcannariato mentioned:

The read-only access that we currently offer to GitHub Organizations still allows users to both clone and fork the repositories that they have permission to read

This does not give users the ability to push data, so this should work for your particular use case.

Hope this helps!

I just discovered the option of private repositories in the announcement. Just like stated, I use them to ‘apply for a job’. That’s even the only  usage I make of them, besides experimenting with Git and Github.

So, I would like to selectively give access to people, like by supplying an URL with a key. As I know from photo albums on the web. This should be ready only, which may include copying or cloning, preferably copying.

So that is my request, which seems pretty obvious to me.

By the way, I do not consider this ‘solved’. That is more of an euphemism to get rid of the question.

2 Likes

It seems to me that the git/GitHub owners, by assuming that there is only one use-case for git/GitHub (shared open software development), are limiting the usefulness of GitHub. Some of the postings in this thread show other use cases that require readonly access to files for one audience yet require pulling/pushing/versions/branches to the developers.

An additional use case that occurs to me is using GitHub to make a portion of a proprietary product public. We always assume that a product is either proprietary or open, but not both. But I can easily imagine products that are proprietary and sold for profit, yet contribute a new and useful subroutine or algorithm to the Open Software community. In such a case the developers might want to use GitHub to collaborate in private, but might want one specific file to be readonly or read/write visible to the public.