Private Repos inside an Organization

I have an org with a bunch of members. Inside that org, there is one repo which I don’t want any members to be able to view. 

Right now I think if I just set that repo to private, all that does is keep the outside world from seeing it, but members of the repo are able to see it.

Can I set up what I am trying to do?

Thanks!

What you’re asking for is possible, depending on how you have your org permissions configured. First, the “Default repository permission” under your org Settings > Member privileges must be set to “None”. Second, if you don’t want anyone other than yourself to be able to see the contents of the repo, you have to be the only member of your organization that has the Role of “Owner”. You can see this by going to your org’s settings, clicking the “People” tab and then going through the list. Then, you have to make sure that no teams have been created that grant access to that repo. Members will still be able to see that the repo exists but they won’t be able to see the contents of the repo.

Just keep in mind that any Owners of the organization will have full access to the entire organization and all of its contents. If you keep Member privileges set to None, then you’ll be able to lock down access to parts of the org and administrate it using teams.

I hope that helps!

1 Like
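The three checks from the answer above, written as an added example that is not part of the original thread. It assumes the inputs are GitHub REST API responses (the endpoints are named in the comments); the sample data and the `audit_repo_lockdown` helper are constructed for illustration.

```python
# Added example: audits the three conditions from the answer above.
# Inputs are assumed to be parsed JSON from the GitHub REST API:
#   GET /orgs/{org}                     -> org
#   GET /orgs/{org}/members?role=admin  -> owners
#   GET /repos/{org}/{repo}/teams       -> repo_teams

def audit_repo_lockdown(org, owners, repo_teams, intended_owner):
    """Return a list of findings; an empty list means all checks pass."""
    findings = []

    # 1. Base permission must be "none", or every member inherits access.
    base = org.get("default_repository_permission")
    if base != "none":
        findings.append(f"default repository permission is {base!r}, expected 'none'")

    # 2. Owners have full access to the whole org, so only the intended
    #    person may hold the Owner role.
    logins = sorted(o["login"] for o in owners)
    if intended_owner not in logins:
        findings.append(f"{intended_owner} is not an owner")
    for login in logins:
        if login != intended_owner:
            findings.append(f"additional owner with full access: {login}")

    # 3. No team may be attached to the repository.
    for team in repo_teams:
        findings.append(f"team {team['slug']} has {team['permission']} access")

    return findings


# Constructed sample data (hypothetical org, users and team).
SAMPLE_ORG = {"login": "example-org", "default_repository_permission": "read"}
SAMPLE_OWNERS = [{"login": "alice"}, {"login": "bob"}]
SAMPLE_REPO_TEAMS = [{"slug": "students", "permission": "pull"}]

if __name__ == "__main__":
    for finding in audit_repo_lockdown(
        SAMPLE_ORG, SAMPLE_OWNERS, SAMPLE_REPO_TEAMS, intended_owner="alice"
    ):
        print("FINDING:", finding)
```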

Can a repository inside an organization be made public inside the organization and private to the members outside it without teams?

1 Like

Hi @dhruv2012,

Yes, if you allow forking of private repositories at the organization level, you can also configure the ability to fork a specific private repository. For more information, see “Allowing people to fork a private repository owned by your organization.” I hope this helps.

1 Like

Hi, @AndreaGriffiths11. We have an organization which has a codebase that needs to be kept private. So basically I want to make the repository private to all the users who are outside the organisation.

1 Like

Hi @dhruv2012 ,

Have you been able to find a way of doing this?

Thanks,

Chris

Correct me if I’m wrong, but if I set “Default repository permission” to None, then nobody in the organization will be able to see the contents of the repository unless specifically granted read (or higher) privileges.

This kind of behaviour is problematic for my use-case (assuming that my understanding is correct).
I’m the admin of a university laboratory organization, and our members are divided into two teams: students and phd+. The phd+ team consists of “higher ranking” members of the laboratory who need to have read access to all repositories, while the students team only needs read access to repositories created by members of the students team.

The only way I see of enforcing this structure is by setting “Default repository permission” to None and then manually adding teams to each repository. Using this kind of workflow means that every time a student creates a new repository, that student needs to set read access for the students and phd+ teams. As a consequence, the phd+ team needs to be made visible, which I would much rather be secret.

I would much rather be able to use a “Default repository permission” of read and then, for some repositories, set the role to None for the students team. If this were possible, I would also be able to make the phd+ team secret.

Yes, if you set the default repository permission to none, then, by default, no member of the organization (apart from organization owners) will be able to see or interact with any repository that does not have additional permissions attached to it.

Yes, you could do that too :grinning: