Effective June 17, 2024, Cloud Source Repositories isn't available to new customers. If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API. Organizations that have used Cloud Source Repositories prior to June 17, 2024 are not affected by this change.

Access control with IAM

Access control in Google Cloud is controlled using Identity and Access Management (IAM). IAM allows you to set permissions specifying who has what kind of access to which resources in your project.

Cloud Source Repositories uses IAM for access control. You can use IAM to add team members to your project and to grant them permissions to create, view, and update repositories.

This page describes the IAM permissions and roles that apply to Cloud Source Repositories.

Permissions

With IAM, every action on a repository in Cloud Source Repositories requires that the account initiating the action has the appropriate permissions. You don't grant specific permissions to an account. Instead, you grant a role that contains the appropriate set of permissions.

The following table describes the permissions available in Cloud Source Repositories.

Permission	Description
`source.repos.list`	List repositories within a project.
`source.repos.create`	Create a repository within a project.
`source.repos.get`	Clone, fetch, and browse repositories.
`source.repos.update`	Push changes to a repository.
`source.repos.updateRepoConfig`	Change a repository configuration.
`source.repos.delete`	Delete a repository.
`source.repos.getIamPolicy`	Read/view the IAM policy of a repository.
`source.repos.setIamPolicy`	Change the IAM policy of a repository.
`source.repos.getProjectConfig`	Read/view the Google Cloud project configuration.
`source.repos.updateProjectConfig`	Change the Google Cloud project configuration.

Roles

You assign permissions to accounts through the use of roles. The following table lists the roles available for Cloud Source Repositories.

Role	Role Title
`roles/source.reader`	Source Repository Reader
`roles/source.writer`	Source Repository Writer
`roles/source.admin`	Source Repository Administrator

Roles and permissions matrix

Use the table below to select the appropriate role for an account based on the types of actions you want that account to perform.

Capability	`reader`	`writer`	`admin`
List repositories
Clone, fetch, and browse repositories
Update repositories
Create repositories
Update repository configurations
Delete repositories
View IAM policies
Set IAM policies
View Google Cloud project configurations
Update Google Cloud project configurations

Custom roles

In addition to the predefined roles, Cloud Source Repositories also supports custom roles. For more information, see Creating and managing custom roles in the IAM documentation.

Granting member access

In IAM, you grant access to members. There are multiple types of members. For a complete list, see Concepts related to identity.

For specific steps on granting member access, see Granting, changing, and revoking access to resources.

You can't make a Google Cloud repository public. As a result, Cloud Source Repositories doesn't support the following member types:

allAuthenticatedUsers
allUsers