Repo Access (Internal vs Guest)

Repo membership is explicit. Users only access repos they are assigned to.

Add user to repo(s)

From tenant detail Repo access:

  1. enter email
  2. choose kind (INTERNAL or GUEST)
  3. select repo scope
  4. set password only when creating a new non-guest user

Behavior notes:

  • INTERNAL: supports company-home posture
  • GUEST: repo-scoped posture; invitation flow may be used
  • For guest creation, select exactly one repo

Add existing users

For existing users, you can update memberships without creating a new account:

  • use tenant-local user picker, or
  • use email with empty password to resolve existing user when supported

Maintain memberships

Membership table supports:

  • kind change (INTERNAL/GUEST)
  • membership removal per repo

Critical caveat:

  • changing membership kind does not automatically rewrite user primary_tenant_id.

Treat home-tenant changes as a separate operation in platform user management.

Access hygiene checklist

  • Assign minimum repo set.
  • Prefer explicit review after temporary guest access.
  • Remove stale memberships rather than relying on convention.
Previous
Provision Tenant and Owner
Next
Manage Global Users