To prevent source code leaks, organizations must effectively control their code data. This topic explains how an organization administrator can manage code repository access and control clone and download permissions for organization members.
Codeup's clone and download control feature lets you restrict code repository clone and download permissions for specific roles within your organization.
You can enable clone and download control globally or for individual code repositories.
Enable globally
An organization administrator can enable clone and download control for the entire organization in Code management, located under .
After enabling the feature, under Allowed roles, select organization member (including administrator). Under Allowed methods, select SSH clone, HTTPS clone, and download ZIP/TAR.
By default, Codeup visibility is scoped to organization members. To grant access to external organization members, go to your organization's admin console, open , and change the availability scope to All members (including external members).
To provide a high level of data security, if you disable both SSH and HTTPS clone methods, Codeup automatically disables the WebIDE service for the organization. This action also restricts code cloning through the WebIDE.
After you enable clone and download control, in the Allowed roles section, select organization member (including administrator). In the Allowed methods section, select download ZIP/TAR and clear the checkboxes for SSH clone and HTTPS clone. These method restrictions do not apply to operations within a Flow pipeline.
Enable for a specific code repository
A code repository administrator can enable clone and download control for a specific code repository under .
After enabling the feature, under Allowed roles, select organization member (including administrator) or external organization member. Under Allowed methods, select SSH clone, HTTPS clone, and download ZIP/TAR. These method restrictions do not apply to operations within a Flow pipeline.
If this feature is enabled in global settings, all code repositories within the organization inherit the global configuration, which cannot be overridden at the individual repository level.