-
Notifications
You must be signed in to change notification settings - Fork 93
Github Team Management
Rene Tshiteya edited this page May 9, 2024
·
13 revisions
This page documents how FedRAMP PMO manages the on-boarding and off-boarding of developers, including internal FedRAMP developers, partner developers from other with federal agencies (e.g. GSA, NIST), or contractor teams actively contracted to continue work on artifacts in this repository.
Per TTS guidance recommended in ADR 3, the FedRAMP Automation work and repository use intentionally configured in the Github organization for GSA project. Within that organization, there is a hierarchy of teams.
-
GSA
organization-
fedramp-automation
team as a container for specific child teams below:- fedramp-oscal-maintainers team to maintain administrative control and overall continuity for different partner developers. This group includes federal employees in the FedRAMP PMO.
- fedramp-oscal-contributors team for developers that need write access to manage issues and feature branches. These users need to be a member of the GSA organization first.
-
- For new repositories:
- Create the repository, for this example scenario
fedramp-example-repo
using the Github user interface by accessing github.com/organizations/GSA/repositories/new.
- Create the repository, for this example scenario
- View the configuration page for repo permissions by accessing github.com/GSA/fedramp-example-repo/settings/access.
- Perform a user review and accordingly remove any users or groups that do not require permission to the repository.
- You must add
fedramp-oscal-contributors
team or a relevant project-specific development team with theWrite
role. - FOR NEW ADMINS ONLY: You must add fedramp-oscal-maintainers team with the
Admin
role.
- Confirm the user is part of the
GSA
organization.- If not, confirm the developer is following the Github user configuration standard
- Email GSA Github Support at [email protected] to request the user be added to the GSA organization.
- Confirm the user has accepted the invitation to the GSA organization.
- Add or request on your behalf that a member of the
fedramp-automation-admins
team add the user tofedramp-oscal-contributors
or a relevant project-specific team.- Confirm the user has accepted the invitation to the relevant FedRAMP Automation team.
- At the conclusion of a particular project, remove or request on your behalf that a member of fedramp-oscal-maintainers team remove the user from the
fedramp-oscal-contributors
or a relevant project-specific team. - If the user is a contractor or external partner, and all contract or inter-agency work is complete, email GSA Github Support at [email protected] to request the user be removed from the GSA organization.