Access Control
A full ACL system is built directly into Apex, letting you control exactly who has access to each of your repositories.
Access Types
There are three different types of access:
- manager - Full access to all repositories, plus the ability to grant and revoke access privileges to others.
- package - Commit access to a single code repository.
- branch - Commit access to a single branch on a single code repository.
Access Levels
Access levels do not apply to the manager access type. If the access type is package or branch, there are four different access levels:
- admin - Full control over the repository, including the ability to grant / revoke access.
- maintainer - Provides maintainer access according to the settings within the package.yml file.
- team - Provides team access according to the settings within the package.yml file.
- readonly - Provides read-only access to the package / branch, but not commit access.
Grant Access
Because the network is secured with X.509 certificates, you can only grant access unilaterally to a user who already has an X.509 certificate signed by you. If the user does not already have one, they must request access instead of you granting it.
A user can request access via the acl request-manager, acl request-package, or acl request-branch CLI commands. Once access is requested, you may approve or deny the request using the acl pending CLI command by running:
apex acl pending
If you approve the request, your SSH key is used to sign the CSR within the request, which gives the user a signed X.509 certificate along with the requested access. Once a user has an X.509 certificate signed by you, all future access can be granted unilaterally via the acl grant-manager, acl grant-package or acl grant-branch CLI commands.
For all available CLI commands, please visit the acl CLI commands section of the documentation.