[GH Request] Give administrator access to teams owning enterprise repositories. #883

Closed
macdiesel opened this issue Sep 19, 2023 · 6 comments
Labels
github-request Request for change to access level or settings in the openedx GitHub organization.

Comments

@macdiesel

macdiesel commented Sep 19, 2023

Firm Name

2U

Urgency

Medium (< 2 weeks)

Requested Change

Hello,

Could we please make the following list of users administrators for the list of repos that follows after that?

Admins:

Repos:

Reasoning

As an enterprise function it can be challenging to manage the code repositories we "own" but we don't have administrator access to. We cannot do things like control access, change gating on PRs, etc.

@macdiesel macdiesel added the github-request Request for change to access level or settings in the openedx GitHub organization. label Sep 19, 2023
@openedx-workflow-automation

Thank you for your report! @openedx/axim-oncall will triage within a business day. Simple requests usually take 2-3 business days to resolve; more complex requests could take longer.

@brian-smith-tcril brian-smith-tcril self-assigned this Sep 19, 2023
@e0d

e0d commented Sep 20, 2023

Hello @macdiesel,

Because administrative rights give holders the ability to do significant things like grant access to a repository, transfer the repo, or even delete the repo, administrative rights for all repositories in the openedx GitHub organization are reserved for Axim staff and a small number of approved outside collaborators.

Approval is subject to having an essential business purpose for administrative rights that cannot be reasonably fulfilled through other mechanisms. For example, administrative rights would be appropriate for a team that routinely updates GitHub actions across the entire organization.

We are currently reviewing legacy admin access to all repositories in the openedx organization. We expect to reduce admin access as a result of this review, of course considering the needs of contributors and maintainers.

We realize there are certain repository settings that require admin access to change, like managing branch protection rules. For these configuration changes, please create an issue in the axim-engineering project and we will make the necessary changes.

We recognize and appreciate the desire to own the CI checks and other repository settings, but unfortunately the administrator role on GitHub is overly broad.

@e0d e0d assigned e0d and unassigned brian-smith-tcril Sep 20, 2023
@e0d e0d moved this from Backlog to In Progress in Axim Engineering Tasks Sep 20, 2023
@macdiesel
Author

Not having this access makes it challenging to move quickly. Things that should take 5 minutes take days or weeks. It's unclear to me how a business that needs to be agile and get things done can operate under this model. There has to be a better way to have collaborators on this. Could we nominate certain individuals within our organization to help manage this? Perhaps Directors and above? Senior managers or better? We need to do better here, guys.

@e0d many of these repos have zero open source contributions. Many will continue to have zero in the future. How is it operationally efficient to have an outside organization manage a repo they don't contribute to, only to gatekeep access and features from the teams that are actually working on these projects?

@macdiesel
Author

Because administrative rights give holders the ability to do significant things like grant access to a repository, transfer the repo, or even delete the repo, administrative rights for all repositories

To me these all seem like things that can be taken care of by some guidelines and limiting access to a few selected people. Say our SRE members or the others suggested above. Also, many of these actions can be easily undone by GitHub or by removing the access.

@nedbat
Contributor

nedbat commented Sep 21, 2023

We should take a close look at these repos and see if it still makes sense for them to be in the openedx GitHub organization.

@e0d

e0d commented Sep 25, 2023

@macdiesel a small select number of 2U folks do and will continue to have admin access. In the case of an emergency settings change, the ArchBOM team can support you. In the routine course of business, tickets here requesting the specific change you need are a great option.

I have and will continue to discuss access with 2U leadership. Julie D and George B are both in the loop and members of the TOC.

If there are specific changes you would like made, please update this issue and reopen it. Closing for now.

@e0d e0d closed this as completed Sep 25, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in Axim Engineering Tasks Sep 25, 2023
4 participants