Request for Granular Folder-Level Access Control in Github

[rakibulalam]

Select Topic Area

General

Body

I am writing to highlight a significant challenge faced by developers working on projects that use a mono-repository framework to manage microservices, frontend and backend applications. The current lack of granular folder-level access control within these mono repositories creates security and access management issues for development teams.

Problem Statement:

With the growing trend towards mono repositories for managing microservices, frontend and backend applications, developers often find themselves working on projects with a unified codebase. While this approach has many advantages, it also presents challenges related to access control. Currently, developers with access to the Mono repository gain visibility and access to all folders, including microservices, frontend, and backend applications.

Problems encountered:

• Security concerns: Housing of different services in mono repositories, lack of fine-grained access control at the folder level poses risk of unintended access to sensitive code and data.

• Access Management: With multiple teams responsible for different services within a mono repository, managing access permissions becomes complex. Developers may have wider access than necessary, leading to potential security vulnerabilities.

• Codebase clutter: In large mono repositories, the presence of multiple services can lead to codebase clutter. Developers may inadvertently interact with or modify code outside of their designated area.

Suggested solution:
I urge GitHub to consider implementing a feature that allows for granular folder-level access control within Mono repositories. This enhancement will enable developers to set permissions at the folder level, ensuring that each team or developer has access to specific parts of the codebase related to their responsibilities.

Use Cases:

• Microservices: Developers working on a specific microservice should only have access to folders and code related to that specific microservice.

• Separation of frontend and backend: Teams responsible for frontend and backend applications may have separate access permissions to maintain separation of concerns.

• Enhanced security: Folder-level access control supports a more secure development environment, reducing the risk of unintended access to sensitive information.

I believe that including folder-level access control in Mono repositories will significantly increase the manageability and security of projects following this architecture. I appreciate GitHub's commitment to continuous improvement and innovation, and I look forward to any updates on this.

[runephilosof-abtion]

You can limit write access by setting branch protection rules.
But you cannot limit read access. I don't think that is something Github can implement, that is part of how git works.
You will have to split your codebase up in different repos, possibly connecting them in a mono repo as git modules.

[rakibulalam]

@runephilosof-abtion With the increasing prevalence of mono repo and microservices-based applications, safeguarding read access becomes imperative. This is precisely need GitHub is to consider for introducing features to protect read access. Creating different repositories for a unified code system will be hard to maintain.

[runephilosof-abtion]

How do you propose the workflow would be?
What should happen when a user run git clone on their local machine?

[rakibulalam]

@runephilosof-abtion thanks for your reply in this proposal can be effective:

Workflow:

1. Create a file named gitaccess in the root directory to serve as the access path configuration.
2. Update the manage access to include the new access path options.
3. Implement an access path protection controller to effectively manage access rights.
4. Ensure that collaborators can easily view any restrictions specified in the .gitaccess file.
5. If any necessary access is missing, collaborators should promptly inform the appropriate person for authorization.
6. Whenever new access is granted by the root, ensure it is promptly documented in the .gitaccess file.
7. Make sure that the .gitaccess file is correctly permissioned by the root user to maintain security.

[runephilosof-abtion]

I meant more low level, how should this work with the git protocol, when the collaborator checks out the repository locally.
Git is a distributed version control system, so I don't see how this can work on any git repository.

[zoltan-spire]

My use case would be to create a GitOps workflow for managing configuration files where all users have read access to all folders and files, write access is restricted for each user/team to a certain folder.

I believe this would be possible without getting tangled up in the git protocol, because it would simply be a pre-git level access control check: if the commit has changes anywhere outside the permitted folders the push is rejected.

[runephilosof-abtion]

That is already possible with branch protection rules.

[zoltan-spire]

From what I understand from branch protection rules the patterns only apply to branch names, not the folders and file paths.

Perhaps combining branch protection with CODEOWNERS would be an option to achieve something similar? Or is there a simpler way of doing this?