Deviating Permissions for Package and Repository #24790
-
Our team is in the process of switching to Github and using the GPR for deploying our packages. Manage permissions in one place Packages in GitHub inherit the permissions of the repository, and you no longer need to manage third party solutions and sync team permissions across systems This is generally a good idea and saves a lot of time, but we have certain situations where we want to share a private package with another development team, but not the source code itself. Since permissions are being synced, I wonder if it is possible to archieve the desired behaviour and how. I have spent quite some time trying to figure out how to set up permissions for such a scenario, but so far nothing worked. Any ideas on how to archieve this? Thank you in advance for any help! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Hi @saltcreek-alex, Thanks for being here! Accessibility of packages is tied to the visibility of the repository to which they are published. If a user has read access on the repository, then they will be able to install these packages, if they have write access on the repository then they will be able to publish new packages, as well as new versions of existing packages. If a repository is public, then the package is public, if the repository is private, the package is private. As a work around you might want to consider creating a specific repository that is private in your organisation here and publishing packages to this. |
Beta Was this translation helpful? Give feedback.
-
thank you for your response. Thank you for your time and help, |
Beta Was this translation helpful? Give feedback.
Hi @saltcreek-alex,
Thanks for being here! Accessibility of packages is tied to the visibility of the repository to which they are published. If a user has read access on the repository, then they will be able to install these packages, if they have write access on the repository then they will be able to publish new packages, as well as new versions of existing packages. If a repository is public, then the package is public, if the repository is private, the package is private.
As a work around you might want to consider creating a specific repository that is private in your organisation here and publishing packages to this.