Skip to main content

Managing Collab Repository Access

This topic describes how to add users to the Replicated collab GitHub repository automatically through the vendor portal. It also includes information about managing user roles in this repository using vendor portal role-based access control (RBAC) policies.

Overview of Managing Collab Access

The replicated-collab organization in GitHub is used for tracking and collaborating on escalations, bug reports, and feature requests that are sent by members of a vendor portal team to the Replicated team. Replicated creates a unique repository in the replicated-collab organization for each vendor portal team. Members of a vendor portal team submit issues to their unique collab repository through the vendor portal Support page.

For more information about the collab repositories and how they are used, see Replicated Support Paths and Processes in Replicated Community.

To get access to the collab repository, members of a vendor portal team can add their GitHub username to the Account Settings page in the vendor portal. The vendor portal then automatically provisions the team member as a user in the collab repository in GitHub. The RBAC policy that the member is assigned in the vendor portal determines the GitHub role that they have in the collab repository.

Replicated recommends that vendor portal admins manage user access to the collab repository through the vendor portal, rather than manually managing users through GitHub. Managing access through the vendor portal has the following benefits:

  • Users are automatically added to the collab repository when they add their GitHub username in the vendor portal.
  • Users are automatically removed from the collab repository when they are removed from the vendor portal team.
  • Vendor portal and collab repository RBAC policies are managed from a single location.

For more information about adding users to the collab repository through the vendor portal, see Add Users to the Collab Repository below.

Default GitHub Roles

When team members add a GitHub username to their vendor portal account, the vendor portal determines how to assign the user a GitHub role in the collab repository based on the following criteria:

  • If the GitHub username already exists in the collab repository
  • The policy assigned to the member in the vendor portal

For more information about how the vendor portal handles existing GitHub usernames, see Default GitHub Roles for Existing Users below.

For more information about how the policy assigned to the member in the vendor portal maps to a GitHub role in the collab repository, see Default GitHub Role Mapping below.

Default GitHub Roles for Existing Users

If a team member adds a GitHub username to their vendor portal account that already exists in the collab repository, then the vendor portal does not change the role that the existing user is assigned in the collab repository.

However, if the RBAC policy assigned to this member in the vendor portal later changes, or if the member is removed from the vendor portal team, then the vendor portal updates or removes the user in the collab repository accordingly.

Default GitHub Role Mapping

When team members add a GitHub username to their vendor portal account, the vendor portal assigns them to a GitHub role in the collab repository that corresponds to their vendor portal policy. For example, users with the default Read Only policy in the vendor portal are assigned the Read GitHub role in the collab repository.

For team members assigned custom RBAC policies in the vendor portal, you can edit the custom policy to change their GitHub role in the collab repository. For more information, see About Changing the Default GitHub Role below.

The table below describes how each default and custom vendor portal policy corresponds to a role in the collab repository in GitHub. For more information about each of the GitHub roles described in this table, see Permissions for each role in the GitHub documentation.

Vendor Portal RoleGitHub collab RoleDescription
AdminAdmin

Members assigned the default Admin role in the vendor portal are assigned the GitHub Admin role in the collab repository.

Support EngineerTriage

Members assigned the custom Support Engineer role in the vendor portal are assigned the GitHub Triage role in the collab respository.

For information about creating a custom Support Engineer policy in the vendor portal, see Support Engineer in About RBAC Policies.

For information about editing custom RBAC policies to change this default GitHub role, see About Changing the Default GitHub Role below.

Read OnlyReadMembers assigned the default Read Only role in the vendor portal are assigned the GitHub Read role in the collab repository.
SalesN/A

Users assigned the custom Sales role in the vendor portal do not have access to the collab repository.

For information about creating a custom Sales policy in the vendor portal, see Sales in About RBAC Policies.

For information about editing custom RBAC policies to change this default GitHub role, see About Changing the Default GitHub Role below.

Custom policies with **/admin under allowed:Admin

By default, members assigned to a custom RBAC policy that specifies **/admin under allowed: are assigned the GitHub Admin role in the collab repository.

For information about editing custom RBAC policies to change this default GitHub role, see About Changing the Default GitHub Role below.

Custom policies without **/admin under allowed:Read Only

By default, members assigned to any custom RBAC policies that do not specify **/admin under allowed: are assigned the Read Only GitHub role in the collab repository.

For information about editing custom RBAC policies to change this default GitHub role, see About Changing the Default GitHub Role below.

About Changing the Default GitHub Role

You can update any custom RBAC policies that you create in the vendor portal to change the default GitHub roles for those policies. For example, by default, any team members assigned a custom policy with **/admin under allowed: are assigned the Admin role in the collab repository in GitHub. You can update the custom policy to specify a more restrictive GitHub role.

To edit a custom policy to change the default GitHub role assigned to users with that policy, add one of the following RBAC resources to the allowed: or denied: list in the custom policy:

  • team/support-issues/read
  • team/support-issues/write
  • team/support-issues/triage
  • team/support-issues/admin

For more information about each of these RBAC resources, see Team in RBAC Resource Names.

For more information about how to edit the allowed: or denied: lists for custom policies in the vendor portal, see Configuring Custom RBAC Policies.

important

When you update an existing RBAC policy to add one or more team/support-issues resource, the GitHub role in the Replicated collab repository of every team member that is assigned to that policy and has a GitHub username saved in their account is updated accordingly.

Adding Users to the Collab Repository

This procedure describes how to use the vendor portal to access the collab repository for the first time as an Admin, then automatically add new and existing users to the repository. This allows you to use the vendor portal to manage the GitHub roles for users in the collab repository, rather than manually adding, managing, and removing users from the repository through GitHub. For more information, see Overview of Managing Collab Access above.

Prerequisites

Your team must have a replicated-collab repository configured to add users to the repository and to manage repository access through the vendor portal. To get a collab support repository configured in GitHub for your team, complete the onboarding instructions in the email you received from Replicated. You can also access the Replicated community help forum for assistance.

Add Users to the Repository

To add new and existing users to the collab repository through the vendor portal:

  1. As a vendor portal admin, log in to your vendor portal account. In the Account Settings page, add your GitHub username and click Save Changes.

    The vendor portal automatically adds your GitHub username to the collab repository and assigns it the Admin role. You receive an email with details about the collab repository when you are added.

  2. Follow the collab repository link from the email that you receive to log in to your GitHub account and access the repository.

  3. (Recommended) Manually remove any users in the collab repository that were previously added through GitHub.

    note

    If a team member adds a GitHub username to their vendor portal account that already exists in the collab repository, then the vendor portal does not change the role that the existing user is assigned in the collab repository.

    However, if the RBAC policy assigned to this member in the vendor portal later changes, or if the member is removed from the vendor portal team, then the vendor portal updates or removes the user in the collab repository accordingly.

  4. (Optional) In the vendor portal, go to the Team page. For each team member, click Edit permissions as necessary to specify their GitHub role in the collab repository.

    For information about which policies to select, see Default GitHub Roles and About Changing the Default GitHub Role above.

  5. Instruct each vendor portal team member to add their GitHub username to the Account Settings page in the vendor portal.

    The vendor portal adds the username to the collab repo and assigns a GitHub role to the user based on their vendor portal policy.

    Users receive an email when they are added to the collab repository.