Manage Repository Visibility and Access in GitHub Enterprise
GitHub Enterprise repositories at UWM are hidden by default unless the repository is intentionally shared with the public, all UWM GitHub Enterprise members, a specific team, or a specific individual.
Use the least-access option that supports the work. When in doubt, keep the repository private and grant access through a GitHub Team.
Before You Begin
You must have the correct permissions to change repository visibility or manage access. If you cannot see the repository Settings tab or cannot change visibility, your access may be limited by repository, organization, or enterprise policy.
Roles currently available:
- Read: View and clone the repository. Use for reviewers or stakeholders who do not need to make changes.
- Triage: Manage issues and pull requests without changing code.
- Write: Push changes and manage branches. Use for active contributors.
- Maintain: Manage the repository without access to sensitive or destructive settings.
- Admin: Full repository control. Use only for service owners, repository owners, or designated administrators.
Making a Repository Public
Use public visibility only when the repository is intended for anyone on the internet to view.
Public repositories are visible outside UWM. Before making a repository public, confirm that it does not contain restricted, sensitive, confidential, FERPA-protected, security-sensitive, licensed, or unpublished institutional content.
Steps:
- Open the repository in GitHub Enterprise.
- Select Settings.
- Scroll to Danger Zone.
- Select Change visibility.
- Choose Public.
- Confirm the repository name when prompted.
- Review the repository after the change to confirm that no private content, secrets, internal documentation, or restricted data is exposed.
Making a Repository UWM-Only
Use UWM-only visibility when everyone in UWM’s GitHub Enterprise environment may view the repository, but the repository should not be visible to the public internet.
In GitHub, this visibility is usually called Internal. Internal repositories are available to enterprise members but are not public.
Steps:
- Open the repository in GitHub Enterprise.
- Select Settings.
- Scroll to Danger Zone.
- Select Change visibility.
- Choose Internal.
- Confirm the repository name when prompted.
- Review repository access to confirm that no team or individual has a higher role than needed.
Making a Repository Private to a Team
Use team-based access for most private repositories. Teams make access easier to review, update, and remove when people change roles.
For more information, see:
- About organization teams
- Managing team access to an organization repository
- Managing teams and people with access to your repository
Set up the team first:
- Go to the UWM GitHub organization.
- Select Teams.
- Select New team.
- Enter a team name that clearly describes the group, service, project, or function.
- Add a description that explains what the team is for.
- Add the appropriate members.
- Assign one or more team maintainers if the team will be managed by the service or project area.
Then grant the team access to the private repository:
- Open the repository in GitHub Enterprise.
- Select Settings.
- Select Collaborators and teams.
- Select Add teams.
- Search for the team.
- Select the appropriate repository role.
- Add the team.
- Confirm the team appears in the repository access list with the correct role.
Use one team per stable access group. For example, create separate teams for service administrators, developers, student workers, or read-only reviewers when those groups need different permission levels.
Making a Repository Private to an Individual
Use individual access only when access is temporary, exceptional, or limited to one person. For ongoing work, use a team instead.
Steps:
- Open the repository in GitHub Enterprise.
- Select Settings.
- Select Collaborators and teams.
- Select Add people.
- Search for the person’s GitHub Enterprise account.
- Select the appropriate repository role.
- Add the person.
- Confirm the person appears in the repository access list with the correct role.
Organization owners should review individual access regularly. If more than one person needs the same access, create a team and move access management to that team.
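One way to script that periodic review, as an added example (not UWM or GitHub code): it flags individual grants and any role above a chosen ceiling. It assumes the inputs are the JSON lists returned by the GitHub REST API endpoints named in the comments; the sample accounts, team names, and the `review_access` helper are constructed for illustration.

```python
# Added example: offline access review over constructed sample data.
# Assumed input shapes (GitHub REST API responses):
#   GET /repos/{owner}/{repo}/collaborators?affiliation=direct -> "login", "role_name"
#   GET /repos/{owner}/{repo}/teams                            -> "slug", "permission"

# Role order from this page, lowest to highest.
ROLE_RANK = {"read": 1, "triage": 2, "write": 3, "maintain": 4, "admin": 5}
# The teams endpoint can report the legacy names for Read and Write.
LEGACY = {"pull": "read", "push": "write"}


def normalize(role):
    """Map an API role string onto the role names used on this page."""
    role = role.lower()
    return LEGACY.get(role, role)


def review_access(direct_collaborators, teams, max_role, approved_admins=frozenset()):
    """Return findings as (kind, principal, role) tuples, in input order."""
    ceiling = ROLE_RANK[max_role]
    principals = [("user:" + c["login"], normalize(c["role_name"]), True)
                  for c in direct_collaborators]
    principals += [("team:" + t["slug"], normalize(t["permission"]), False)
                   for t in teams]
    findings = []
    for name, role, is_individual in principals:
        rank = ROLE_RANK.get(role)
        if rank is None:
            # Custom repository role: cannot be ranked, review by hand.
            findings.append(("unknown-role", name, role))
            continue
        if is_individual:
            # Ongoing access belongs on a team; confirm this grant is temporary.
            findings.append(("individual-grant", name, role))
        if rank > ceiling and name not in approved_admins:
            findings.append(("role-above-ceiling", name, role))
    return findings


# Constructed sample data, not real accounts or teams.
SAMPLE_DIRECT = [{"login": "jdoe-temp", "role_name": "write"},
                 {"login": "svc-owner", "role_name": "admin"}]
SAMPLE_TEAMS = [{"slug": "app-developers", "permission": "push"},
                {"slug": "app-reviewers", "permission": "pull"},
                {"slug": "student-workers", "permission": "maintain"}]

if __name__ == "__main__":
    for finding in review_access(SAMPLE_DIRECT, SAMPLE_TEAMS, "write",
                                 approved_admins={"user:svc-owner"}):
        print(*finding)
```
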
Choosing the Right Access Level
Before changing repository visibility or sharing access, consider who actually needs to use the repository and what they need to do.
- Use Public only when the repository is intended to be visible to anyone on the internet.
- Use UWM-only/Internal when the repository may be shared across UWM GitHub Enterprise users but should not be visible publicly.
- Use a private repository with team access when a defined group needs ongoing access.
- Use a private repository with individual access only when access is limited, temporary, or exceptional.
- Give people the lowest repository role that supports their work. For example, someone who only needs to review content may only need Read access, while someone contributing code may need Write access.
- Avoid storing passwords, access tokens, private keys, protected student information, or other restricted data in GitHub repositories, regardless of repository visibility.
- Remember that private repositories may still be visible to authorized GitHub administrators, including owners of the organization that manages the repository.
- When access needs change, update the repository, team, or individual permissions so access stays aligned with the current project or service need.
Need Help?
For help with GitHub Enterprise repository access, visibility, teams, or permissions, contact the UWM Help Desk.
