This topic describes how you can provide users access to repositories and projects, and what actions those users can take. Examples of user actions include the following:
- Listing repositories
- Creating new repositories
- Updating repositories
For a complete list of actions, see Roles and permissions matrix .
Grant permissions to view repositories
Users with this level of permissions can view the contents of a repository. They can also clone and fetch the repository.
If granted this permission at the project level, users can view all repositories for that project.
Grant viewing permissions for a repository
Console
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a repository.
The Filesview opens.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
In the Membersfield, enter the user's email address.
-
In the Roledrop-down list, select Source repository > Source Repository Reader.
-
Click Add.
Command line
-
Open a terminal window.
-
Enter the following command:
gcloud source repos set-iam-policy [REPO_NAME] [POLICY_FILE] [GCLOUD_WIDE_FLAG …]Where:
-
[REPO_NAME]is the name of the repository. -
[POLICY_FILE]is the JSON or YAML file with the Identity and Access Management policy.
-
For more information on this command, see gcloud source repos set-iam-policy .
Grant viewing permissions across a project
Console
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
In the Membersfield, enter the user's email address.
-
In the Roledrop-down list, select Source repository > Source Repository Reader.
-
Click Add.
Command line
-
Open a terminal window.
-
Enter the following command:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member=[MEMBER] \ --role=[ROLE] [GCLOUD_WIDE_FLAG …]Where:
-
[PROJECT_ID]is the ID for your Google Cloud project. -
[MEMBER]is the user you want to add. -
[ROLE]is the IAM role you want to assign.
-
For more information on this command, see gcloud projects add-iam-policy-binding .
Grant permissions to push commits
Users with this level of permissions can push changes to a repository. They can also perform all the actions described in Viewing repositories .
If granted this permission at the project level, users can push changes to all repositories in that project.
Grant push permissions for a repository
Console
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a repository.
The Filesview opens.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
In the Membersfield, enter the user's email address.
-
In the Roledrop-down list, select Source repository > Source Repository Writer.
-
Click Add.
Command line
-
Open a terminal window.
-
Enter the following command:
gcloud source repos set-iam-policy [REPO_NAME] [POLICY_FILE] [GCLOUD_WIDE_FLAG …]Where:
-
[REPO_NAME]is the name of the repository. -
[POLICY_FILE]is the JSON or YAML file with the IAM policy.
-
For more information on this command, see gcloud source repos set-iam-policy .
Grant push permissions for a project
Console
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
In the Membersfield, enter the user's email address .
-
In the Roledrop-down list, select Source Repository > Source Repository Writer.
-
Click Add.
Command line
-
Open a terminal window.
-
Enter the following command:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member=[MEMBER] \ --role=[ROLE] [GCLOUD_WIDE_FLAG …]Where:
-
[PROJECT_ID]is the ID for your Google Cloud project. -
[MEMBER]is the user you want to add. -
[ROLE]is the IAM role you want to assign.
-
For more information on this command, see gcloud projects add-iam-policy-binding .
Grant permissions to create and delete repositories
If granted this permission at the project level, users can create, update, and delete repositories for the entire project.
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
In the Membersfield, enter the user's email address.
-
In the Roledrop-down list, select Source repository > Source Repository Administrator.
-
Click Add.
Remove a user's access
There may be cases where you need to remove a user's access to a repository or project.
Remove access to a repository
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click on the name of a repository.
The Filesview opens.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
-
Locate the role you want to remove, and then click Delete delete for that role.
A confirmation dialog opens.
-
Click Remove.
Remove access to a project
-
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
-
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
-
Click Settings settings .
The General settingspage opens.
-
Click Permissions.
The Permissionspage opens.
-
Locate the role you want to remove, and then click Delete delete for that role.
A confirmation dialog opens.
-
Click Remove.
What's next
-
Learn more about Cloud Source Repositories and access control .
-
Learn more about IAM .
