Issue only access/permissions

We have a private org with multiple private repos and teams with 15-20 people on it in total, half of them are devs, the other half is marketing, sales, support.

Software developers should have access to the code/issues/etc… the usual stuff…

People in the marketing, sales and support should have access only to issues. Meaning I want them to be able to create/update/comment/follow issues, but they should NOT have access to our code, because they don’t need it to do their job - this is adding an unnecessary security concern.

I know that right now there is only read/write roles, but that includes access to our code. 

16 Likes

Hi @xarg,

Thanks for this feedback! We’re always working to improve GitHub, and we consider every suggestion we receive. I’ve logged your feature request in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Please let me know if you have any other questions.

Cheers!

1 Like

I have a similar issue and i’m discouraged because that’s the same thing every customer rep of any dev company says. The problem is it’s the text book thing to say because it’s safe since that doesn’t mean the issue will get fixed.

Hi @jideani,

Thank you for sharing that feedback. I completely understand your feelings here, and I hope I can help a little bit. 

First, I want to assure you that we really do share this feedback with the appropriate teams. We log and track that feedback internally. You’re right in that we can’t guarantee anything or share timelines for individual feature requests, but we do look at each and every one of them and consider them seriously.

Second, I would highly recommend watching our changelog for the most up-to-date info on new features being added to GitHub. This is the best way to get the quickest info on updates and changes to GitHub, and we keep it very current.

I know this reply doesn’t include any details or specifics on when or if we might be able to implement this specific feature, but I wanted to acknowledge your concern shared here, reaffirm that we will definitely share this feedback, and share the changelog link with you. 

Thanks Nadia. Is there no wat to follow/watch the changelog like we do with repositories? i noticed there’s just an rss feed.

Hi @jideani,

Currently, RSS is the only way to watch the changelog. However, it’s a relatively new feature, so it’s possible that we’ll incorporate new ways to follow in the future. I’ll pass your recommendation on to our product team for consideration.

Thanks!

1 Like

Are there any workarounds for this? A 3rd party app perhaps? We used waffle.io before moving to github projects, but that still requires you to have full access to the github account in order to be able to use it.

The best workarounds for this use protected branches or CODEOWNERS files to prevent modification of code by people who shouldn’t be able to modify it. If you wanted to use a machine user to create an app with access to issues on a repository only, you could also do that.

Thank you for mentioning this problem! 

I asked GitHub about it a few years ago but I failed to convey the importance of having these permissions. We had to create a ton of -issues repositories because of that. It is quite a mess.

Also needed by us. The best would be, if people who are only having a Issue only Access to Repositorys, don’t count as team member. Because in our company, the people with issue only access are often clients from us. The benefit, is they can always see how their project is going

Hi @roustem and @herrniklasraab,

I’ve passed on your feedback to our internal product team. While I can’t promise if or when these changes will be made, it will be announced in the GitHub changelog if they are. 

Thanks!

This is a much desired feature for us as well in HealthIT in general.

Its a shame that a fantastic tool/company like GitHub doesn’t think its important and worse still they don’t even provide a decent Watch/Follow the progress on public issues/suggestions. An RSS feed to changelog just doesn’t cut it and creates a perception that GitHub is not eating its own dog food i.e. they do not even use their own suggested workaround of creating a “issue only” public repo (where we could see the progress) and let their developers close/triage issues in this public repo through commit & PRs workflow.

This would be very very useful for our organisation too.

I’m supprised github doesn’t have such a feature.

*bump*

This is an absolutely must-have. Working with different repos just to have access to issues, is a pain in the ass. That’s not a workaround. And the argument about read & write access, is not an argument. You can still copy the code, so… Team members should be able to keep an eye on issues without having access to code. 

2 Likes

+1

please i want this, I’m sick and tierd of having to learn and use 3th party applicaitons and not be able to refernece stuff in issues/codes. it’s always a diffrent application each time, Trello, Jira, Assana, etc

it’s always the same on every job i start at. They use github just for code but not for anything else and that makes me sick. All other ticket/issue applications are so much worse IMO. syncing issues to/from github makes my skin crawl.

I’m always advocating that we should *only* use github but the tech leads counter argument is always the same :disappointed:

“they don’t want sales person to have code access”. i say screw that. i rather want to have that + protected branches. i wouldn’t mind if they had access to edit some markdown text either, less job for me… sometimes i wish i used some form of CMS.

but to start somewhere, we should start having some form of exclusive access for marketing, sales and support.

I also think ppl should be able to submit issues without having a github account at all so visitors can report issues (anonymous). and some form of bug report system to closed source.

Starting the counter here: 1 year since my initial request.

This became so important for us that we are seriously considered moving to Gitlab (they have guest roles there). Unfortunately their code-review system is just as bad as Github’s so we’re sticking to Github + Reviewable for now, but the moment Gitlab does somethining similar to Reviewable, we’re gone even though I like it a lot less. Not to mention the superior gitlab-ci which we already using. Really the only thing at this point that is holding us on Github is reviewable - a 3rd party app :)) 

+1 for this. I’ve been waiting and waiting on news regarding this feature for what feels like forever. I would upgrade my account to an organisation and pay per repo in a heartbeat, if it meant I could keep my issues organised adjacent to code without unorganised solutions like extraneous repositories. Please consider spending some time on this GitHub!

How is this not a feature yet? This is pretty terrible that this hasn’t been prioritized.

4 Likes