Commit

feat: Refactor roles and permissions IA DOCS-617 (#2014)
* feat: Reorder sections

* feat: Intro

* feat: Tweak section

* feat: Tweak wording

* feat: Tweaks and review suggestions

* feat: Fix mkdocs warnings

* feat: Apply suggestions from review

Co-authored-by: Cláudia Carpinteiro <[email protected]>

---------

Co-authored-by: Cláudia Carpinteiro <[email protected]>
nicklem and claudiacarpinteiro authored May 2, 2024
1 parent 379ab32 commit 532f853
Showing 2 changed files with 66 additions and 69 deletions.
1 change: 1 addition & 0 deletions docs/assets/includes/admin-access-info.md
@@ -0,0 +1 @@
!!! info "Only organization admins can update this setting"
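Review bot: the admonition title says "this setting", but the file is included under both "Configuring repository management permissions" and "Managing the organization manager role", and in the second section the reader is assigning or revoking a role, not updating a setting. Consider wording that fits both include sites, for example "Only organization admins can make these changes", or use a separate include per section.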
134 changes: 65 additions & 69 deletions docs/organizations/roles-and-permissions-for-organizations.md
@@ -1,23 +1,77 @@
---
description: List of operations that users can perform on Codacy depending on their role on the Git provider, and how to configure who can change analysis configurations.
description: List of operations that users can perform on Codacy depending on their role on the Git provider, and how to configure repository management permissions.
---

# Roles and permissions for organizations

By default, Codacy assigns each organization member a role corresponding to that member's role on your Git provider.
By default, Codacy assigns each organization member a role corresponding to that member's role on your Git provider. Each Codacy role, from most restrictive (repository read) to most capable (organization admin), corresponds to a set of permissions that determine what each member can do on Codacy.

To update a member's role on Codacy, update that member's role directly on your Git provider. When next logging in to Codacy, the member is assigned the new role.
To update a member's role on Codacy, update that member's role on your Git provider. When next logging in to Codacy, the member is assigned the new role.

To review the permissions granted by each role, see the tables for each Git provider:
Organization admins can also grant additional permissions:

- To roles, by [configuring repository management permissions](#change-analysis-configuration)
- To individual members, by [assigning the organization manager role](#managing-the-organization-manager-role)

- [GitHub](#permissions-for-github)
- [GitLab](#permissions-for-gitlab)
- [Bitbucket](#permissions-for-bitbucket)
To review the permissions granted by each role, see the tables for each Git provider:

Additionally, you can grant some administrative permissions to any organization member independently of the member's role on the Git provider, using the [organization manager](#the-organization-manager-role) role.
- [Permissions for GitHub](#permissions-for-github)
- [Permissions for GitLab](#permissions-for-gitlab)
- [Permissions for Bitbucket](#permissions-for-bitbucket)

To list and manage the members of your Codacy organization, see the [Managing people](managing-people.md) page.

## Configuring repository management permissions {: id="change-analysis-configuration"}

{% include-markdown "../assets/includes/admin-access-info.md" %}

By default, only users with the Codacy role **repository write** can change analysis configurations.

To change this, open your organization **Settings**, page **Roles and permissions**, and choose the Codacy roles that can perform the following operations on the repositories of your organization:

- [Ignore issues](../repositories/issues.md#ignoring-and-managing-issues)
- [Ignore files](../repositories-configure/ignoring-files.md)
- [Configure code patterns](../repositories-configure/configuring-code-patterns.md)
- [Configure file extensions](../repositories-configure/file-extensions.md)
- [Manage branches](../repositories-configure/managing-branches.md)
- [Reanalyze branches and pull requests](../faq/repositories/how-do-i-reanalyze-my-repository.md)

![Configuring repository management permissions](images/roles-permissions-repo-management.png)

## Managing the organization manager role

{% include-markdown "../assets/includes/admin-access-info.md" %}

To grant an organization member additional permissions, you can assign that member the organization manager role. This role isn't influenced by a member's Git provider role.

To review the additional permissions granted by the organization manager role, see the tables for each Git provider ([GitHub](#permissions-for-github), [GitLab](#permissions-for-gitlab), [Bitbucket](#permissions-for-bitbucket)).

!!! note
Organization managers can access the **Policies** and **Integrations** settings sections of your organization and can therefore impact some repository settings for all repositories of your organization, even repositories that they can't access on the Git provider. However, they can't access the repositories themselves and can only see the repository names.

### Assigning the organization manager role

To assign the organization manager role:

1. Open your organization **Settings**, page **Roles and permissions**.

1. In the **Organization managers** area, use the search field to find the relevant organization member and click the member's name.

!!! note
You can only assign the organization manager role to [members of your organization](./managing-people.md#joining).

![Security and risk management access management](images/roles-permissions-organization-manager-assign.png)

### Revoking the organization manager role

To revoke the organization manager role:

1. Open your organization **Settings**, page **Roles and permissions**.

1. In the **Organization managers** area, scroll the list to find the relevant user.

1. Click the **Revoke role icon** to the right of the user's name and confirm.

## Permissions for GitHub

The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresponding Codacy roles and the operations that they're allowed to perform:
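Review bot: the caveat under "Managing the organization manager role" is now `!!! note`, where the section it replaces used `!!! important`. The text says organization managers can affect settings for all repositories, including ones they can't access on the Git provider, which is the main least-privilege consideration when granting this role. Keep it as `!!! important` so it stands out from the routine note in the assignment steps, or explain the downgrade in the PR description.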
Expand All @@ -43,7 +97,7 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<td colspan="2">Repository<br/>read</td>
<td colspan="2">Repository<br/>write</td>
<td>Repository<br/>admin</td>
<td><a href="#the-organization-manager-role">Organization<br/>manager</a></td>
<td><a href="#managing-the-organization-manager-role">Organization<br/>manager</a></td>
<td>Organization<br/>admin</td>
</tr>
<tr>
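Review bot: existing links to `#the-organization-manager-role` stop resolving once this href and the heading it points to are renamed to `#managing-the-organization-manager-role`, and the same edit is repeated in the GitLab and Bitbucket tables. The repository management heading keeps its old anchor with `{: id="change-analysis-configuration"}`; pinning the old id on the organization manager heading in the same way would preserve inbound links and make the three table edits unnecessary.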
Expand Down Expand Up @@ -197,7 +251,7 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
<td colspan="2">Repository<br/>read</td>
<td>Repository<br/>write</td>
<td colspan="2">Repository<br/>admin</td>
<td><a href="#the-organization-manager-role">Organization<br/>manager</a></td>
<td><a href="#managing-the-organization-manager-role">Organization<br/>manager</a></td>
<td colspan="2">Organization<br/>admin</td>
</tr>
<tr>
Expand Down Expand Up @@ -342,7 +396,7 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
<tr>
<td>Codacy role</td>
<td colspan="2">Repository<br/>read</td>
<td><a href="#the-organization-manager-role">Organization<br/>manager</a></td>
<td><a href="#managing-the-organization-manager-role">Organization<br/>manager</a></td>
<td>Organization<br/>admin</td>
</tr>
<tr>
Expand Down Expand Up @@ -430,64 +484,6 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.

## The organization manager role

To enable other members to manage organization settings, organization admins can share some of their permissions with any organization member using the organization manager role. This role is independent of the Git provider roles of organization members.

To review the additional permissions granted by the organization manager role, see the tables for each Git provider:

- [GitHub](#permissions-for-github)
- [GitLab](#permissions-for-gitlab)
- [Bitbucket](#permissions-for-bitbucket)

!!! important
Organization managers can access the **Policies** and **Integrations** settings sections of your organization and can therefore impact some repository settings for all repositories of your organization, even repositories that they can't access on the Git provider. However, they can't access the repositories themselves and can only see the repository names.

### Assigning the organization manager role

To assign the organization manager role:

1. Open your organization **Settings**, page **Roles and permissions**.

1. In the **Organization managers** area, use the search field to find the relevant organization member and click the member's name.

!!! note
You can only assign the organization manager role to [members of your organization](./managing-people.md#joining).

![Security and risk management access management](images/roles-permissions-organization-manager-assign.png)

### Revoking the organization manager role

To revoke the organization manager role:

1. Open your organization **Settings**, page **Roles and permissions**.

1. In the **Organization managers** area, scroll the list to find the relevant user.

1. Click the **Revoke role icon** to the right of the user's name and confirm.

## Configuring who can change the analysis configuration {: id="change-analysis-configuration"}

By default, only users with the Codacy role **repository write** can change analysis configurations.

To change this, open your organization **Settings**, page **Roles and permissions**, and define the lowest Codacy role required to perform the following operations on the repositories of your organization:

- [Ignore issues](../repositories/issues.md#ignoring-and-managing-issues)
- [Ignore files](../repositories-configure/ignoring-files.md)
- [Configure code patterns](../repositories-configure/configuring-code-patterns.md)
- [Configure file extensions](../repositories-configure/file-extensions.md)
- [Manage branches](../repositories-configure/managing-branches.md)
- [Reanalyze branches and pull requests](../faq/repositories/how-do-i-reanalyze-my-repository.md)

![Configuring who can change analysis configurations](images/roles-permissions-repo-management.png)

!!! note
Codacy determines the role of each organization member from the role of that member on your Git provider:

- [GitHub](#permissions-for-github)
- [GitLab](#permissions-for-gitlab)
- [Bitbucket](#permissions-for-bitbucket)

## See also

- [Managing people](managing-people.md)
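Review bot: the removed section asked admins to "define the lowest Codacy role required", while the replacement asks them to "choose the Codacy roles that can perform" the operations, yet the default sentence is carried over unchanged as "only users with the Codacy role **repository write**". Under the old threshold wording that reads as repository write and above; under the new per-role wording it can be read as excluding repository admins and organization admins. State explicitly in the new section which roles hold these permissions by default.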