+1 for this as a feature request.
I assumed this was possible, but couldn't figure out how to do it, and ended up here after googling and now learning that it's not possible.
Not being able to differentiate read-only vs. read/write access when selectively sharing something private seems to me to be somewhat of a departure from the common practice of other web services.
Dear GH Team
Any plans to implement private repo access restriction for collaborators to read-only + pull-request? I want collaborators on my private (user) repo(s) put don't want to allow them direct push... Where is this feature on your roadmap?
Thanks for this feedback! We're always working to improve GitHub, and we consider every suggestion we receive. I've logged your feature request in our internal feature request list. Though I can't guarantee anything or share a timeline for this, I can tell you that it's been shared with the appropriate teams for consideration.
Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!
Having more granular control on private repos for individual users is a must. Sure if they can read it they should be able to clone/fork but i want to disable specific users ability to push with out a propper pull request. Same with branching. Really should be able to have same functionallity as public for private, just we control the viewers.
any updates on this?
I have the same requirement as others that reply to this topic.
I want to add users to my private repo, but I want them to contribute only using PR, not by committing directly.
I'm sure that not only I have such a requirement.
This feature request is from 12-11-2017, so it is taking forever 😥
Using protected branch ( especially for master) will give you some options, such as requesting members with write permission review to the changes before merging. You can also enforce the need for owner review. I did not tried protected branches with private reops before but I think it would be the same as the public repos.
@WaleedMortajaThis is not exactly what you need.
+ 1 it would be nice to have possibly give a look at the private private repository.