Cknowles-moz (talk | contribs) (making acronyms clearer and consistent with usage in other docs.) |
Cknowles-moz (talk | contribs) (→Managing Org Ownership permissions: Added link specifying what ownership vs. membership gets you.) |
||
| Line 19: | Line 19: | ||
== Managing Org Ownership permissions == | == Managing Org Ownership permissions == | ||
One of the known security changes we're working to implement is to limit the number of people with org owner permissions wherever possible. As part of induction, we'll be reaching out to the people with owner permissions and asking if they need this (at all, and in light of the duties that IT is now taking on) | One of the known security changes we're working to implement is to limit the number of people with org owner permissions wherever possible. As part of induction, we'll be reaching out to the people with owner permissions and asking if they need this (at all, and in light of the duties that IT is now taking on) | ||
* Owners in GitHub have complete "root" level rights to every repository and to all setting in the org, so limiting this to "definitely needed" cases is the desire. | |||
* There are auth0, and duo and GHE costs related to keeping them, and various bits of upkeep - so we would like to remove them where feasible. | * There are auth0, and duo and GHE costs related to keeping them, and various bits of upkeep - so we would like to remove them where feasible. | ||
* Any remaining org owners will be required to have a "root" account, separate from their "daily driver" or "mortal" account. | * Any remaining org owners will be required to have a "root" account, separate from their "daily driver" or "mortal" account. | ||
For more information on what ownership vs membership roles are, [https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-roles this] link from GitHub outlines that. Note that if the desire is simply to have full access to all repositories in the org, we can do that without ownership rights. | |||
== Ways to Reach IT == | == Ways to Reach IT == | ||
* Bugzilla - Please don't mark it as fully confidential without cc'ing in someone from the ghe-admins@ group. https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Github%3A+Administration | * Bugzilla - Please don't mark it as fully confidential without cc'ing in someone from the ghe-admins@ group. https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=Github%3A+Administration | ||
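Review bot: the added bullet in "Managing Org Ownership permissions" reads "to all setting in the org", which should be "all settings". In the added paragraph, the link text "this" says nothing about its target; label the link with what it points to (GitHub's page on roles in an organization). The closing sentence says full access to all repositories can be granted without ownership rights but does not say how to ask for it; a pointer to the "Ways to Reach IT" section that follows would close that gap.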