This topic describes how you can provide users access to repositories and projects, and what actions those users can take. Examples of user actions include the following:
- Listing repositories
- Creating new repositories
- Updating repositories
For a complete list of actions, see Roles and permissions matrix.
Grant permissions to view repositories
Users with this level of permissions can view the contents of a repository. They can also clone and fetch the repository.
If granted this permission at the project level, users can view all repositories for that project.
Grant viewing permissions for a repository
Console
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a repository.
The Files view opens.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
In the Members field, enter the user's email address.
In the Role drop-down list, select Source repository > Source Repository Reader.
Click Add.
Command line
Open a terminal window.
Enter the following command:
gcloud source repos set-iam-policy [REPO_NAME] [POLICY_FILE] [GCLOUD_WIDE_FLAG …]Where:
[REPO_NAME]is the name of the repository.[POLICY_FILE]is the JSON or YAML file with the Identity and Access Management policy.
For more information on this command, see gcloud source repos set-iam-policy.
Grant viewing permissions across a project
Console
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
In the Members field, enter the user's email address.
In the Role drop-down list, select Source repository > Source Repository Reader.
Click Add.
Command line
Open a terminal window.
Enter the following command:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member=[MEMBER] \ --role=[ROLE] [GCLOUD_WIDE_FLAG …]Where:
[PROJECT_ID]is the ID for your Google Cloud project.[MEMBER]is the user you want to add.[ROLE]is the IAM role you want to assign.
For more information on this command, see gcloud projects add-iam-policy-binding.
Grant permissions to push commits
Users with this level of permissions can push changes to a repository. They can also perform all the actions described in Viewing repositories.
If granted this permission at the project level, users can push changes to all repositories in that project.
Grant push permissions for a repository
Console
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a repository.
The Files view opens.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
In the Members field, enter the user's email address.
In the Role drop-down list, select Source repository > Source Repository Writer.
Click Add.
Command line
Open a terminal window.
Enter the following command:
gcloud source repos set-iam-policy [REPO_NAME] [POLICY_FILE] [GCLOUD_WIDE_FLAG …]Where:
[REPO_NAME]is the name of the repository.[POLICY_FILE]is the JSON or YAML file with the IAM policy.
For more information on this command, see gcloud source repos set-iam-policy.
Grant push permissions for a project
Console
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
In the Members field, enter the user's email address .
In the Role drop-down list, select Source Repository > Source Repository Writer.
Click Add.
Command line
Open a terminal window.
Enter the following command:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member=[MEMBER] \ --role=[ROLE] [GCLOUD_WIDE_FLAG …]Where:
[PROJECT_ID]is the ID for your Google Cloud project.[MEMBER]is the user you want to add.[ROLE]is the IAM role you want to assign.
For more information on this command, see gcloud projects add-iam-policy-binding.
Grant permissions to create and delete repositories
If granted this permission at the project level, users can create, update, and delete repositories for the entire project.
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
In the Members field, enter the user's email address.
In the Role drop-down list, select Source repository > Source Repository Administrator.
Click Add.
Remove a user's access
There may be cases where you need to remove a user's access to a repository or project.
Remove access to a repository
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click on the name of a repository.
The Files view opens.
Click Settings settings.
The General settings page opens.
Click Permissions.
Locate the role you want to remove, and then click Delete delete for that role.
A confirmation dialog opens.
Click Remove.
Remove access to a project
In the Google Cloud console, open Cloud Source Repositories in the My source view tab
Click the name of a Google Cloud project ID for a specific repository.
The page displays a list of all repositories for that project.
Click Settings settings.
The General settings page opens.
Click Permissions.
The Permissions page opens.
Locate the role you want to remove, and then click Delete delete for that role.
A confirmation dialog opens.
Click Remove.
What's next
Learn more about Cloud Source Repositories and access control.
Learn more about IAM.