Getting started with repository level authorization

Getting started with repository level authorization

The line between data security and active collaboration is one of the biggest concerns for many Deveo users. With open source platforms, you accept anyone and everyone can access your code, but with private platforms, users are far less liberal. And understandably so. It’s a private platform after all!

After conversations with our customers, we realized this issue is more than a mere inconvenience. For some, it didn't matter at all, but for others it caused a huge logistical headache. We are proud to develop Deveo in close collaboration with our customers, so when they came to us asking for help, we listened.

We take data security seriously. We also take productivity and efficiency seriously. So, finding a way to allow secure collaboration is naturally one of our biggest priorities. We want our users to be able to collaborate on their projects with whoever they want, without having to restructure directories or create standalone projects.

The issue with Deveo used to be that granting collaborators access to projects meant they had access to all assets in all of the repositories within a project. For projects using a single repository, this isn’t much of an issue, but once you add multiple repositories to a single project, it can get troublesome. Any collaborator with access to the project would have had access to all repositories and the code within them.

This was inefficient, by no means scalable, and far from the simple, elegant, secure solution we wanted to provide.

As a team, we value simplicity and strive to be user-centric at all times. It soon became clear that we had to introduce an easily managed solution at an administrator level. It also needed to be suitable for all new and existing projects and repository types, regardless of whether assets were stored in Git, Subversion (SVN), Mercurial, or WebDAV repositories.

In Deveo 3.15, after countless hours designing, developing, and debugging, the incredible team at Deveo proudly released Repository Level Authorization.

Repository Level Authorization

What is repository level authorization?

Repository Level Authorization is exactly as it sounds. It adds additional functionality for project administrators to limit specific user access not only on a project level but on an individual repository level. This means collaboration can happen on a project in a more secure, scalable, efficient way than ever before in Deveo. We see this as a powerful enhancement, that will allow extremely fine-grained permission definitions.

Getting started with Repository Level Authorization

Instead of trying to rebuild the entire access scheme, repository level permissions has been introduced as an extra layer. This means we can ensure the functionality is backward compatible for both on-premise and cloud users.

To access repository level permissions, head over to the team view. In either the “Users”, “Collaborators”, or “Bots” section you’ll see a revised team screen divided into two tabs - “Project” and “Repositories”. If project permissions are all you need, you can continue using them by default. Nothing has changed, and you can go on knowing your project is secure.

If, however, you would like to access repository permissions, click the “Repositories” tab and select which repositories you wish to manage.

Once you’ve selected the repositories you wish to manage, you’ll see a table with all team members (or collaborators), the repositories they have access to, and the corresponding role they have for each repository.

To manage these access rights, click the toggle to activate it (active toggles are green). From there, click on the cell containing the corresponding team mate’s role, and select a new role from the popup. Once you’re happy, click the ‘Select’ button, and your changes will be saved.

If you’d like to know more about project and repository roles, take a look here.

Repository level authorization is a powerful addition to Deveo’s access management, and a dream for teams wanting to reap the benefits of collaboration, without the drawbacks of relinquishing privacy.

Have you used repository level authorization in your projects? Leave a comment and let us know how it’s working out for you.

Seamless software development.

Code management and collaboration platform with Git, Subversion, and Mercurial.

Sign up for free
comments powered by Disqus