Roles and permissions for organizations
By default, Codacy assigns each organization member a role corresponding to that member's role on your Git provider. Each Codacy role, from most restrictive (repository read) to most capable (organization admin), corresponds to a set of permissions that determine what each member can do on Codacy.
To update a member's role on Codacy, update that member's role on your Git provider. When next logging in to Codacy, the member is assigned the new role.
Organization admins can also grant additional permissions:
- To roles, by configuring repository management permissions
- To individual members, by assigning the organization manager role
To review the permissions granted by each role, see the tables for each Git provider:
To list and manage the members of your Codacy organization, see the Managing people page.
Configuring repository management permissions
Only organization admins can update this setting.
By default, only users with the Codacy role repository write can change analysis configurations.
To change this, open your organization Settings, page Roles and permissions, and choose the Codacy roles that can perform the following operations on the repositories of your organization:
- Ignore issues
- Ignore files
- Configure code patterns
- Configure languages
- Manage branches
- Reanalyze branches and pull requests
- Create targets and run Dynamic Application Security Testing scans
Managing the organization manager role
Only organization admins can update this setting.
To grant an organization member additional permissions, you can assign that member the organization manager role. This role isn't influenced by a member's Git provider role.
To review the additional permissions granted by the organization manager role, see the tables for each Git provider (GitHub, GitLab, Bitbucket).
Organization managers can access the Policies and Integrations settings sections of your organization and can therefore impact some repository settings for all repositories of your organization, even repositories that they can't access on the Git provider. However, they can't access the repositories themselves and can only see the repository names.
Assigning the organization manager role
To assign the organization manager role:
-
Open your organization Settings, page Roles and permissions.
-
In the Organization managers area, use the search field to find the relevant organization member and click the member's name.
noteYou can only assign the organization manager role to members of your organization.
Revoking the organization manager role
To revoke the organization manager role:
-
Open your organization Settings, page Roles and permissions.
-
In the Organization managers area, scroll the list to find the relevant user.
-
Click the Revoke role icon to the right of the user's name and confirm.
Permissions for GitHub
The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresponding Codacy roles and the operations that they're allowed to perform:
| GitHub role | Outside collaborator1 | Repository read | Repository triage | Repository write | Repository maintain | Repository admin | - | Organization Owner |
|---|---|---|---|---|---|---|---|---|
| Codacy role | - | Repository read | Repository write | Repository admin | Organization manager | Organization admin | ||
| Join organization | No | Yes2 | Yes2 | Yes2 | Yes | Yes2 | ||
| View and follow private repository | No | Yes | Yes | Yes | Yes | Yes | ||
| Access Security and risk management | No | Yes3 | Yes3 | Yes3 | Yes | Yes | ||
| Ignore issues and files, configure code patterns and languages, manage branches, reanalyze branches and pull requests | No | Configurable | Configurable | Yes | Inherits original permission | Yes | ||
| Upload coverage using an account API token, see the coverage report logs | No | No | Yes | Yes | Inherits original permission | Yes | ||
| Configure repository Git provider integration settings | No | No | No | Yes | Inherits original permission | Yes | ||
| Configure repository quality gates and goals | No | No | No | Yes | Inherits original permission | Yes | ||
| Enable repository analysis to run on a local build server, manage repository API tokens | No | No | No | Yes | Inherits original permission | Yes | ||
| Add and remove repository | No | No | No | Yes4 | Inherits original permission | Yes | ||
| Manage organization gate policies and coding standards | No | No | No | No | Yes | Yes | ||
| Configure organization default settings for Git provider integration | No | No | No | No | Yes | Yes | ||
| Obtain audit logs for organization events5 | No | No | No | No | Yes | Yes | ||
| Invite and accept members, modify billing | No | No | No | No | No | Yes | ||
| Assign and revoke the organization manager role | No | No | No | No | No | Yes | ||
1: Outside collaborators aren't supported as members of organizations on Codacy. You can still add outside collaborators to Codacy so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
2: Joining an organization may need an approval depending on your setting for accepting new people.
3: These users can only see security items originating from Codacy repositories that they follow.
4: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
5: Audit logs are available only on Business plan.
Permissions for GitLab
The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresponding Codacy roles and the operations that they're allowed to perform:
| GitLab role | External user1 | Project guest | Project reporter | Project developer | Project maintainer | Project owner | - | Group owner | Administrator |
|---|---|---|---|---|---|---|---|---|---|
| Codacy role | - | Repository read | Repository write | Repository admin | Organization manager | Organization admin | |||
| Join organization | No | Yes2 | Yes2 | Yes2 | Yes | Yes2 | |||
| View and follow private repository | No | Yes | Yes | Yes | Yes | Yes | |||
| Access Security and risk management | No | Yes3 | Yes3 | Yes3 | Yes | Yes | |||
| Ignore issues and files, configure code patterns and languages, manage branches, reanalyze branches and pull requests | No | Configurable | Configurable | Yes | Inherits original permission | Yes | |||
| Upload coverage using an account API token, see the coverage report logs | No | No | Yes | Yes | Inherits original permission | Yes | |||
| Configure repository Git provider integration settings | No | No | No | Yes | Inherits original permission | Yes | |||
| Configure repository quality gates and goals | No | No | No | Yes | Inherits original permission | Yes | |||
| Configure repository to run analysis on local build server, manage repository API tokens | No | No | No | Yes | Inherits original permission | Yes | |||
| Add and remove repository | No | No | No | Yes | Inherits original permission | Yes | |||
| Manage organization gate policies and coding standards | No | No | No | No | Yes | Yes | |||
| Configure organization default settings for Git provider integration | No | No | No | No | Yes | Yes | |||
| Obtain audit logs for organization events4 | No | No | No | No | Yes | Yes | |||
| Invite and accept members, modify billing | No | No | No | No | No | Yes | |||
| Assign and revoke the organization manager role | No | No | No | No | No | Yes | |||
1: External users aren't supported as members of organizations on Codacy. You can still add external users to Codacy so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
2: Joining an organization may need an approval depending on your setting for accepting new people.
3: These users can only see security items originating from Codacy repositories that they follow.
4: Audit logs are available only on Business plan.
Permissions for Bitbucket
The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corresponding Codacy roles and the operations that they're allowed to perform:
| Bitbucket role | Read | Write1 | - | Admin |
|---|---|---|---|---|
| Codacy role | Repository read | Organization manager | Organization admin | |
| Join organization | Yes2 | Yes | Yes2 | |
| View and follow private repository | Yes | Yes | Yes | |
| Access Security and risk management | Yes3 | Yes | Yes | |
| Ignore issues and files, configure code patterns and languages, manage branches, reanalyze branches and pull requests | Configurable | Inherits original permission | Yes | |
| Upload coverage using an account API token, see the coverage report logs | No | Inherits original permission | Yes | |
| Configure repository Git provider integration settings | No | Inherits original permission | Yes | |
| Configure repository quality gates and goals | No | Inherits original permission | Yes | |
| Configure repository to run analysis on local build server, manage repository API tokens | No | Inherits original permission | Yes | |
| Add and remove repository | No | Inherits original permission | Yes | |
| Manage organization gate policies and coding standards | No | Yes | Yes | |
| Configure organization default settings for Git provider integration | No | Yes | Yes | |
| Obtain audit logs for organization events4 | No | Yes | Yes | |
| Invite and accept members, modify billing | No | No | Yes | |
| Assign and revoke the organization manager role | No | No | Yes | |
1: Codacy can't distinguish the Bitbucket roles Read and Write because of a limitation on the Bitbucket API.
2: Joining an organization may need an approval depending on your setting for accepting new people.
3: These users can only see security items originating from Codacy repositories that they follow.
4: Audit logs are available only on Business plan.