Teams: Role-Based Access Control
Teams are the primary mechanism for implementing role-based access control in APIGIT. Created within organizations, teams allow you to group members and assign permissions based on their roles or responsibilities.
Each organization supports three types of teams, arranged in a hierarchical structure:
Owner Team
The Owner Team sits at the top of the permission hierarchy:
- Automatic Creation: Generated automatically when an organization is established
- Initial Membership: The organization creator becomes the first member
- Permanence: Cannot be deleted and must maintain at least one member
- Access Level: Possesses full control over all organization repositories
- Special Privileges: Can modify organization settings, manage teams, and adjust billing
Admin Teams
Admin Teams function as delegated administrators for specific areas:
- Purpose: Created to manage specific repositories or functional areas
- Access Level: Members have full administrative access to assigned repositories
- Team Creation Rights: Members can create new teams within the organization
- Repository Management: Can configure repository settings and access controls
- Member Management: Can add or remove members from non-owner teams
General Teams
General Teams provide customizable, task-specific access:
- Flexible Permissions: Customizable unit-level permissions (Code, Issues, Pull Requests)
- Repository Scope: Can be limited to specific repositories or granted access to all
- Creation Rights: Can be configured to allow or restrict repository creation
- Operational Focus: Members perform day-to-day operations based on assigned permissions
- Scalability: Ideal for project teams, functional groups, or departmental divisions
Managing Teams
Team Administration
To manage teams within an organization:
- Navigate to the organization’s detail page
- Switch to the “Teams” tab
- Use the interface to create new teams or modify existing ones
From this interface, you can:
- Create teams with specific types and permission levels
- Delete teams that are no longer needed
- View team membership and repository access
- Configure team settings and permission scopes
Team Configuration Best Practices
When configuring teams, consider these best practices:
- Minimize Owner Team Size: Limit owner team membership to essential personnel
- Use Admin Teams Strategically: Create admin teams for repository-specific management
- Map Teams to Roles: Align general teams with functional roles in your organization
- Review Regularly: Periodically audit team memberships and permissions
- Implement Least Privilege: Grant only the permissions necessary for team members to perform their duties
Team Membership Management
After creating teams, you’ll need to manage their membership:
- Select the team you wish to modify
- Access the team’s member management interface
- Add colleagues from your subscription account
- Remove members who no longer require access
Remember that all team members must first be added as colleagues to your subscription account before they can be assigned to teams.