Skip to content

Why are some permissionSources empty? #24829

Discussion options

You must be logged in to vote

Hi @fei0x,

Thanks for reaching out! If the token you are using doesn’t have the correct (admin:org) scope, the GraphQL API will return a message saying so. If the token has this scope, but the user isn’t an admin on the organization, nothing is returned, only a blank array.

I suspect that this information requires a user to be an organization administrator because this is the only way to find out this information in the web interface as well. Having this information available to every user through the API may be deemed a security risk.

I haven’t done exhaustive testing, but it looks like a GitHub App will need metadata permission to find out information on collaborators. This gives the sa…

Replies: 2 comments 2 replies

Comment options

You must be logged in to vote
2 replies
@toniopelo
Comment options

@yuvalyacoby
Comment options

Answer selected
Comment options

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
5 participants