Authentication and Access Control
Authentication
Regardless of whether you access CodeArts Repo through the management console or APIs, CodeArts Repo uses Identity and Access Management (IAM) for authentication.
CodeArts Repo supports two authentication modes:
- Token authentication: Requests are authenticated using a token.
- AK and SK authentication: Requests are encrypted using an Access Key ID (AK) / Secret Access Key (SK). This method is recommended because it provides higher security than token-based authentication.
For more authentication details, see Authentication.
Access Control
- IAM permission management
Permission management is a fine-grained authorization based on roles and permissions. Different operation permissions are assigned to different roles based on their work requirements. Users can access only authorized resources.
Roles in CodeArts Repo include the repository administrator, creator, committer, developer, and viewer.
- The repository administrator, creator, or committer can manage repository members, update code, and configure repositories.
- Developers can update repository code and browse the repository member list.
- Viewers can view and comment on repositories.
- IP address whitelist control
- IP address whitelists enhance repository security by restricting access to repositories by IP address.
- You can access repositories only from whitelisted IP addresses. Access requests from other IP addresses are rejected.
- IP address whitelists include tenant-level IP address whitelists and repository-level IP address whitelists, and their priorities can be configured.
For details about how to configure the IP address whitelist, see IP Address Whitelist.
- Repository Locking
When a new software version is ready for release, administrators can lock the repository to protect it from being compromised. After the repository is locked, no one (including the administrators) can commit code to any of its branches.
For details about how to lock a repository, see Repository Locking.
- Protected Branch Management
Protected branches prevent pushes to the branches and prevent the branches from being incorrectly deleted.
- Secure branches and allow developers to use merge requests to merge code.
- Prevent non-administrators from pushing code.
- Prevent all forcibly push to this branch.
- Prevent anyone from deleting this branch.
For details about how to configure branch protection, see Protected Branches.
- O&M SOD
The purpose is to standardize O&M scripts throughout the development, test, and release process (including script development, code review, manual test, integration acceptance, release review, script rollout, and version management), promote and strengthen standardized operation management, and ensure process, security, and quality compliance.
- Isolation Between Firewalls and VPCs
CodeArts Repo uses firewalls and VPCs to isolate networks and resources between tenants.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
