Permissions And Security Management

How Permissions Work On Codeship

Let’s take a look at how Codeship manages permissions around your source control, your builds and your team.

What do we mean by permissions?

When we say permissions, we mean the access you give Codeship to your source control repo, or the access you give people on your team to your Codeship builds and account information.

What permissions are needed on my source control?

Codeship requires different permission levels depending on the source control service being used.

  • GitHub
    • We require read/write permissions to your private repositories so that we can clone the repos and report back status.
    • Like all providers that integrate with GitHub, we’d love to request fewer permissions than we do, but as we’re currently using GitHub’s OAuth integration, we’re limited to the few options GitHub provides (we’re asking for repo and user:email scopes). We are looking to move to the new GitHub Integration options, to offer you more granular control, in the near future.
  • Bitbucket
    • We require master or owner permissions so that we can clone the repos and report back status.
    • At this point in time, we’re asking for full access, but will change this soon to only cover reading/writing to your repos and webhooks as well as reading your email addresses. You can see the full list of permission options available from Bitbucket here.
  • GitLab
    • We require admin permissions so that we can clone the repos and report back status.
    • For GitLab we can only ask for the api scope, as it’s the only one of the two options GitLab provides that will allow us to access your repos.

What permissions can I assign my team members?

You can learn more about organization management on Codeship by clicking here, but in general there are four basic security levels for teams on Codeship:

  • Owners have control over all aspects of an organization, from changing the subscription to managing organization projects and teams.

  • Managers have control over team and project management of an organization. They can add and remove projects and manage the organization teams by adding new team members or assigning projects to teams. They have access to all projects and are able to change the project configuration.

  • Project Managers can manage projects the team is assigned to. They can debug builds, update test settings, or manage deployments.

  • Contributors have read-only access to their projects. This means that they can view the project dashboard and build details but are not allowed to change project settings or open debug builds.

Can Codeship staff see my code or builds?

You can learn more about security on Codeship by clicking here, but there are two Codeship services and staff have different levels of access for each:

  • On Codeship Basic, with permission, our support team can open an SSH debug session into your build machine, which allows us to see your source code.

  • On Codeship Pro, we have no direct access to your source control, but our support team can see your builds and build logs, as well as account information.

“3rd Party Access Restrictions” For Organizations

Note: this only applies to GitHub.

If the repositories for a GitHub organization don’t show up on Codeship, please head over to the settings for the Codeship application on GitHub and, in the section labeled Organization access, either:

  • Request access if you are not an administrator for the organization. (Your request will then have to be approved by an admin.)
  • Grant access if you are an administrator.

Once this is done and access has been granted, the organization’s repositories will show up in the repository selector on Codeship again.

See GitHub’s help article on 3rd party restrictions for more background information about this feature.

Need More Help?

Get in touch if you need more help, or post on Stack Overflow using the tag #Codeship.
