Platform BasicsPermissions
Repository
What each repository role can do
A repository holds code, change requests, and pipelines. Read access (viewing code, change requests, and discussions) is separated from write access (pushing code, running pipelines), so you can let members browse the code without giving them the ability to change it.
Roles
A repository has three roles. Higher rows have more permissions.
| Role | Description |
|---|---|
| Manage | Full control, including members, access, settings, and deletion |
| Write | Push code, create branches, run pipelines, and other development tasks |
| Read | View code, change requests, and discussions (no write actions) |
Permissions
What each role can do at the repository level.
| Action | Manage | Write | Read |
|---|---|---|---|
| View repository | ● | ● | ● |
| View change requests | ● | ● | ● |
| View pipelines | ● | ● | ● |
| Comment | ● | ● | ● |
| Assign labels, assignees, reviewers | ● | ● | ● |
| View code | ● | ● | ● |
| Push code | ● | ● | — |
| Create branch | ● | ● | — |
| Create change request | ● | ● | — |
| Run pipeline | ● | ● | — |
| Invite or change member roles | ● | — | — |
| Edit repository settings | ● | — | — |
| Delete repository | ● | — | — |
Switch a repository to public, and every member of the parent workspace automatically gets Read access — including the ability to view code. It is not exposed outside the organization, but the entire workspace can now browse the source, so confirm carefully before switching.