Repository Permissions

Source Control and Repository Permissions

When setting up your Source Control integration within the Pandium Integration Hub, you’ll be logging into your repository of choice as part of the process. Currently, we support four different platforms: Azure, Bitbucket, GitHub and GitLab. Please contact Pandium support if you are utilizing a different system.

For each of these systems, you’ll need to ensure that Pandium has the proper read and write permissions to access and modify relevant files within your repository. Once properly authenticated, the Connect button will change to Disconnect on the Source Control setting page, and you can continue developing integrations.

Why Read and Write?

Pandium needs read access in order to pull the integration code and build an executable to run your code on our platform. Write access is necessary for initial repository setup if you would like Pandium to pre-seed quickstart code for your integration. Pandium users will often setup Pandium specific repositories for their integrations and even setup users with specific organization permissions to ensure Pandium only has access to your integration repositories.

Below you’ll find the specific permissions required for each repository:


Required permissions for setting up Github are the following:

  • Repo scope access - "Grants full access to private and public repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for public and private repositories and organizations. It also grants the ability to manage user projects."

To learn more about Github’s permissions, check out their docs here.


Required permissions for setting up Gitlab are the following:

  • API access - "Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry."

  • Read repository access - "Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API."

  • Write repository access - "Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API)."

To look further into Gitlab permissions, check out their docs here.

Azure DevOps

Required permissions for setting up Azure are the following:

  • Scope access of vso.code_full - “Grants full access to source code, metadata about commits, changesets, branches, and other version control artifacts. Also grants the ability to create and manage code repositories, create and manage pull requests and code reviews, and to receive notifications about version control events via service hooks. Also includes limited support for Client OM APIs.”

To learn more about various permissions for Azure DevOps with OAuth2, check out the page here.


Required permissions for setting up Bitbucket are the following:

  • Full Read access

  • Full Write access

Learn more about Bitbucket permissioning here.

Last updated