CircleCI Ideas

Context permissions

Context permissions are too restrictive -- I believe they only work with Organization owners. Our engineers need to be able to modify context for individual repositories, but not for the entire organization. It would be a useful feature to make this more granular - either by Github Teams, or by admins on individual repositories.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jul 24 2018
  • Taking votes
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    September 14, 2018 23:54

    Note that contexts themselves are org-wide so managing them on a per-repository level might not work. But at a GitHub Team level it would be wonderful. Many of my organization's contexts are team-scoped, and we're bottlenecking those teams from being able to easily rotate their service account credentials.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    February 25, 2019 03:11

    Team scoped context permissions would be very helpful as Ryan Nixon mentioned.  Currently our choices are to either be bottlenecked by having to assign a few people that can modify contexts (who would then have more overall GitHub permissions than needed), or assign far too many people permissions that are far more than needed.  It's impossible to adhere to the principle of least privilege with the current permissions model. 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 19, 2019 10:39

    Contexts per repo would be a great idea - the same permissions assigned to those context (e.g. github group membership) could be then used to allow who can see/edit them too (just like they are currently used to determine who can access them when kicking off a workflow or job.