Allow a project owner to disable shared workspaces

[mikenikles]

Based on feedback we received via the docs feedback widget: "Can we disable sharing globally for teams (as a security measure)?"

[gtsiolis]

FYI, This is also cross-linked[1] in the docs. 🎗️

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[gtsiolis]

Introducing 🅰️ team-level or also 🅱️ instance-level setting sounds interesting. 💭

We also recently disabled snapshots for repositories users don't have access to in #8306.

[reustle]

Currently the docs say:

Beware, anybody with this URL and a Gitpod account will be able to access the workspace as long as it is shared and running.

Would it be technically feasible with the existing GitHub API to for example, allow anyone with a GitPod account that is linked to a GitHub account which has access to this repo to access the workspace? Thank you.

[joeizy]

GitHub organization could be a good security boundary to allow/deny. Not sure if other platforms (i.e. GitLab, etc.) have a similar construct.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[andreas-vogl]

+1 for instance and team level setting to deactivate workspace sharing.

From the docs it seems you are well aware of the risks. I see this as a blocker for a wider rollout, as sharing a workspace like this equals leaking SCM credentials.