Restricting project permissions for external users within organisation


(Thomas De Groof) #1

For some client projects, we wish to grant client stakeholders access to the client-specific Stoplight project in our Organisation.

Unfortunately, once a user is added to an Organisation, (s)he has read access to all repositories in that Organisation. Meaning: one client can view the projects of all other ones.

The alternative would be to set up a separate Organisation for these clients, and add our users to this Organisation. But then our users are billed twice.

What is the recommended way to restrict viewing access, while not billing users for 2 organisations?


(Robbins) #2

Hey Thomas,

At the moment there unfortunately isn’t a method for restricting access to repos for organization members. What I would suggest is publishing docs behind some form of authorization and sending your stakeholders there.

Best,
Rob


(Thomas De Groof) #3

Hi Rob,

Thanks for your reply.

Published docs are not the issue… we want to provide access to the test scenarios and unreleased specification versions.
Any idea on how to tackle this?


(Robbins) #4

Hey Thomas,

It’s unfortunately not a feature we have at the moment but I have let the team know and we will discuss adding it in the future.

Best,
Rob


(Jelle) #5

Hi Rob,

Could you provide any timeline for this feature? It would be nice if we can collaborate with external stakeholders without giving them full read access to all our (organisation) repos.

Another option is limited read access for a certain team within an organisation.

Kind regards,
Jelle


(David Campbell) #6

Collaboration with a client was our initial driving goal when we signed up; I was kind of surprised to find we were granting them permanent access to all our future projects too. I had imagined they could be put into a team and have that team restricted to only accessing the one project.


(Taylor Barnett) #7

Yes, this would be much better.

We will be working on how organizational permissions are done in a future sprint later this year to try to make it so that not all organization users will see each project. Because of how it is architected now, it isn’t possible as y’all have seen, but it will be improving.

I don’t have the exact timeline for it right now.

@jelle if you make your project public, you can link external users to see it without them seeing your other private projects. Don’t know if that helps for your exact use case, but I thought I’d mention it.