11.4 REST GitHub Fulfillment

OpenText Identity Governance uses the REST GitHub fulfiller to add or remove members of an organization or a team, or to add or remove a collaborator on a repository. When a user is added to an organization or a team, the default role assigned is “member”; for a repository, it is “read”. However, members can log in to the GitHub application and change their roles as needed.

Users can get access to a repository directly as collaborators, or as members of an organization or a team. As members, they automatically inherit permission to access the organization and team repositories. So, when you want to remove a collaborator from a repository, or a member from a team, ensure that the repository permission is not inherited from an organization or a team. When the permission is inherited, the fulfillment verification succeeds only if you remove the member from the parent organization or team, so that the member loses the child permission, that is, the repository permission.

NOTE: The term “collaborator” is specific to GitHub and refers to a user who is given access to a repository directly. For more information, see the GitHub Docs.
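The inheritance check described above, as an added example (not OpenText or GitHub code): given a snapshot of organization members, team memberships and direct collaborators, it lists every path through which a user reaches a repository, so you can tell whether removing the collaborator entry alone removes the permission. The snapshot layout, all names in it, and the treatment of the organization base permission are assumptions made for illustration.

```python
"""Added example: find every path that gives a user access to a repository."""

# Constructed snapshot of one organization; every name below is made up.
SNAPSHOT = {
    "org": "example-org",
    "org_members": {"alice", "bob", "carol"},
    # Assumed model: permission each org member inherits on org repositories.
    "org_base_permission": "none",
    "teams": {
        "platform": {"members": {"alice"}, "repos": {"payments-api": "write"}},
        "auditors": {"members": {"carol"}, "repos": {"payments-api": "read"}},
    },
    # Users added directly to a repository (GitHub "collaborators").
    "direct_collaborators": {"payments-api": {"alice": "read", "dave": "read"}},
}


def access_paths(snapshot, user, repo):
    """Return every (source, name, permission) path giving `user` access to `repo`."""
    paths = []
    direct = snapshot["direct_collaborators"].get(repo, {})
    if user in direct:
        paths.append(("collaborator", repo, direct[user]))
    for team, info in sorted(snapshot["teams"].items()):
        if user in info["members"] and repo in info["repos"]:
            paths.append(("team", team, info["repos"][repo]))
    base = snapshot["org_base_permission"]
    if user in snapshot["org_members"] and base != "none":
        paths.append(("organization", snapshot["org"], base))
    return paths


def removal_plan(snapshot, user, repo):
    """Say whether removing the collaborator entry alone ends the user's access."""
    paths = access_paths(snapshot, user, repo)
    # Any team or organization path keeps the repository permission alive.
    inherited = [p for p in paths if p[0] != "collaborator"]
    return {
        "has_access": bool(paths),
        "collaborator_removal_sufficient": bool(paths) and not inherited,
        "remove_from": [(kind, name) for kind, name, _ in paths],
    }


if __name__ == "__main__":
    for user in ("alice", "dave", "carol", "bob"):
        print(user, removal_plan(SNAPSHOT, user, "payments-api"))
```

A user whose plan lists a team or organization entry still holds the repository permission after the collaborator entry is removed, which is the case in which fulfillment verification does not succeed.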

The REST GitHub fulfiller supports the following change requests:

  • ADD PERMISSION TO USER

  • REMOVE PERMISSION ASSIGNMENT

  • REMOVE PERMISSION FROM ACCOUNT

For the fulfillment to process successfully, you must add these mandatory attributes to the Fulfillment Context Attributes area. The following table provides the list of attributes.

Fulfillment Context Attributes

Attributes

Account

  • Account ID from Source

  • Account Disabled

  • Account Aliases

Permission

  • Permission ID from Source

  • Permission Type

  • Permission Name