It's really dumb we can't give read only access to private repos!

Firstly, thanks for the free stuff devs, we appreciate it.

But I’ve got a gripe.

If I want somebody to be able to download a tarball of my latest commit to a private repo I have to give them a token with full r/w repo access?!?

That’s absolutely **bonkers**.

What’s even more bonkers is that people have been complaining about this for years and it’s still an issue.

Who else wants to see a read-only private repo permission added to the o-auth token system?


Hi @roger-heathcote,

Thanks for being here! As you’ve mentioned, we have received similar feature requests from other users. Thought I cannot say when or if this suggestion will be implemented, I can understand how this would make sense. Please know your request has been added to our internal tracking system. Again, I wish I had better news about this topic.

So here we are over a year later …
Still doesnt look like this feature has been implemented. Am I correct?

If you put your repo in a free organization, you can grant read-only access.

1 Like

Can you elaborate for the uninitiated please?
“Free organization”? Do you mean gitlab/github, or something within those two websites?

You can create a free organization and put a repo in there, then add a member as “read-only”.

That sounds good, will check it out. Thanks!

In Bitbucket, if you want to add members, you can define their permissions: read, write or admin. This would be helpful, too.

At the moment, if you invite someone, this would be read + write permissions.

Yes this is what is needed really. Bring able to set permissions at the org level is better than nothing but you should also have the option to set perms per project like some of github’s competitors allow. I mean if you can do that for a single google doc then you should be able to do it for a whole code repository right?

I created a feature request here: Feature Request: invite members to a repository with permissions (read, write, admin)