Permissions/visibility on GitHub Enterprise

Hi, all!

I am looking for help understanding permissions and visibility for repositories with GitHub Enterprise.

Our company has a GitHub Enterprise server, under which the royal “we” of interest exist as an Organization. We have also created a Team which everyone in our Organization belongs to.

We are very confused about what settings to use when making a new repository for different use cases.

The left is what we see when creating a repo under our own username and the right is what we see when creating a repo under our Organization:

How do we create repositories such that:
(1) All people in our organization can see the files, create issues, contribute, pull requests, etc
(2) All people in our organization can see the files
(3) Only the individual creator can see the files

We are a small shop with mostly independent analyses, so most of our people will be using GitHub for version control but not collaboration. However, we would like to increase code sharing for the purposes of learning from each other, so we want code to be visible to other people and to easily show up in searches. But we would not have other people contributing to these projects.

We also expect to have a small number of repositories of shared code which we would like for it to be easy for people to both contribute and browse/search.

What permissions would you recommend for each of these use cases? We are bumbling around in our first repos and have mostly been creating them under our Organization, but in looking at Insights > People for different projects, we realized that we don’t really understand the distinctions between public, internal, and private.

We have also looked through the GitHub Docs (e.g. About repository visibility - GitHub Docs) but we are still confused, so we would really appreciate some help and guidance!

Thank you!

Hi @rkb965, your question: How do we create repositories such that:
(1) All people in our organization can see the files, create issues, contribute, pull requests, etc
Select ‘Private’ organization repository visibility and add the Organization Team (you mentioned you have) with ‘TRIAGE’ or ‘WRITE’ role permission (suggest you review repository-permission-levels-for-an-organization to determine which is appropriate for you).

(2) All people in our organization can see the files
Select ‘Private’ organization repository visibility and add the Organization Team (you mentioned you have) with ‘READ’ role permission.

(3) Only the individual creator can see the files
Select ‘Private’ organization repository visibility.

For an Internal repository all enterprise members will have READ permissions on it, so it would not be restricted to your organization ONLY; a member of ANY organization within your enterprise would have READ access. But if that is what you want for some repositories, this can be a useful setting to support an ‘inner source’ approach across your enterprise.

Obviously you can create additional teams, allowing you to allocate specific sets of users access to specific repositories with read, triage, write, maintain, admin role permissions as needed.

An organization owner can also set a base permission that applies to all members of an organization when accessing any of the organization’s repositories, such as READ. More often than not this is set to NONE for security reasons.

There is no right or wrong answer as such; it is for you to choose the configuration that best meets all your requirements.

A few additional references:
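
Added example (not part of the answer above and not GitHub's own code): a simplified Python model of how the access sources named in the answer (repository visibility, team role, organization base permission) combine, used to check which repositories intended as creator-only are readable by someone else. The record layout, the user, team and repository names and the `intent` field are constructed for illustration; organization owners and outside collaborators are left out of the model.

```python
# Simplified model of the access rules described in the answer above.
# USERS and REPOS are constructed sample data, not GitHub API output.
ROLES = ["none", "read", "triage", "write", "maintain", "admin"]

def effective_role(repo, user, base_permission="none"):
    """Highest role `user` gets on `repo` from every source the answer lists."""
    granted = ["none"]
    if user["login"] == repo["creator"]:
        granted.append("admin")              # creator administers their own repo
    if user["org"] == repo["org"]:
        granted.append(base_permission)      # org-wide base permission
        for team, role in repo["teams"].items():
            if team in user["teams"]:
                granted.append(role)         # explicit team grant
    if repo["visibility"] in ("internal", "public"):
        granted.append("read")               # readable beyond the organization
    return max(granted, key=ROLES.index)

def audit(repos, users, base_permission):
    """(repo, login) pairs where a non-creator can read a creator-only repo."""
    findings = []
    for repo in repos:
        if repo["intent"] != "creator-only":
            continue
        for user in users:
            role = effective_role(repo, user, base_permission)
            if user["login"] != repo["creator"] and role != "none":
                findings.append((repo["name"], user["login"]))
    return findings

# All three users are members of the same enterprise; carol is in another org.
USERS = [
    {"login": "alice", "org": "analytics", "teams": {"everyone"}},
    {"login": "bob", "org": "analytics", "teams": {"everyone"}},
    {"login": "carol", "org": "other-org", "teams": set()},
]
REPOS = [
    {"name": "shared-lib", "org": "analytics", "creator": "alice",
     "visibility": "private", "teams": {"everyone": "write"}, "intent": "collaborate"},
    {"name": "alice-analysis", "org": "analytics", "creator": "alice",
     "visibility": "private", "teams": {"everyone": "read"}, "intent": "org-read"},
    {"name": "alice-scratch", "org": "analytics", "creator": "alice",
     "visibility": "private", "teams": {}, "intent": "creator-only"},
    {"name": "bob-scratch", "org": "analytics", "creator": "bob",
     "visibility": "internal", "teams": {}, "intent": "creator-only"},
]

if __name__ == "__main__":
    for base in ("none", "read"):
        print(base, audit(REPOS, USERS, base))
```

In this model, case (3) only holds while the base permission is NONE: with a base permission of READ, `alice-scratch` becomes readable by every organization member, and an Internal repository is readable by other organizations regardless of the base permission.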