Repository Governance

Good governance is boring by design: explicit ownership, narrow access, and regular cleanup.

Governance baseline

Keep repository owners/admins minimal.
Treat INTERNAL and GUEST as distinct trust levels.
Prefer repo groups for repeated access patterns.
Time-box external collaboration and remove stale memberships.

Scope rules that prevent incidents

Grant repo access only for repos users actively need.
Use folder/item permissions inside repos to keep least privilege.
Do not rely on old links, assumptions, or verbal agreements as access control.

Change management

When changing tenant slug, repo placement, or broad memberships:

communicate change window
apply change in smallest viable step
verify with direct route/open tests
review audit data after change

Review cadence

Weekly:

guest invites and guest memberships
recent owner/admin changes

Monthly:

repo-by-repo membership review
group membership drift cleanup
audit sample for high-sensitivity repositories

Tenant Invites and Roles

Troubleshooting