Updated on 2024-07-10 GMT+08:00

Authentication and Access Control

Authentication

Regardless of whether you access CodeArts Repo through the management console or APIs, CodeArts Repo uses Identity and Access Management (IAM) for authentication.

CodeArts Repo supports two authentication modes:

  • Token authentication: Requests are authenticated using a token.
  • AK and SK authentication: Requests are encrypted using an Access Key ID (AK) and a Secret Access Key (SK). This method is recommended because it provides higher security than token-based authentication.

For more authentication details, see Authentication.

Access Control

  1. IAM Permission Management

    Permission management provides fine-grained authorization based on roles and permissions. Each role is assigned operation permissions according to its work requirements, and users can access only the resources they are authorized for.

    Roles in CodeArts Repo include the repository administrator, creator, committer, developer, and viewer.

    • The repository administrator, creator, or committer can manage repository members, update code, and configure repositories.
    • Developers can update repository code and browse the repository member list.
    • Viewers can view and comment on repositories.
  2. IP Address Whitelist Control
    • IP address whitelists enhance repository security by restricting access to repositories by IP address.
    • You can access repositories only from whitelisted IP addresses. Access requests from other IP addresses are rejected.
    • IP address whitelists include tenant-level IP address whitelists and repository-level IP address whitelists, and their priorities can be configured.

    For details about how to configure the IP address whitelist, see IP Address Whitelist.

  3. Repository Locking

    When a new software version is ready for release, administrators can lock the repository to protect it from being compromised. After the repository is locked, no one (including the administrators) can commit code to any of its branches.

    For details about how to lock a repository, see Repository Locking.

  4. Protected Branch Management

    Protected branches prevent pushes to the branches and prevent the branches from being incorrectly deleted.

    • Secure branches and allow developers to use merge requests to merge code.
    • Prevent non-administrators from pushing code.
    • Prevent all force pushes to this branch.
    • Prevent anyone from deleting this branch.

    For details about how to configure branch protection, see Protected Branches.

  5. O&M SOD

    The purpose of O&M SOD is to standardize O&M scripts throughout the development, test, and release process (including script development, code review, manual test, integration acceptance, release review, script rollout, and version management). It promotes and strengthens standardized operation management to ensure process, security, and quality compliance.

  6. Isolation Between Firewalls and VPCs

    CodeArts Repo uses firewalls and VPCs to isolate networks and resources between tenants.