User with "read" GitHub access can no longer view project settings

Previously, a user with GitHub “read” permissions was able to see and edit a project’s settings in CircleCI.
Starting on Sunday, we noticed that this expectation was broken.

For example, this page https://circleci.com/gh/Clever/kayvee-js/edit no longer loads:

GET https://circleci.com/api/v1.1/project/github/Clever/kayvee-js/settings 403 (Forbidden)

Has there been an update to change this behavior?

Hello Nathan,

In the name of security, we’ve changed the behavior so that read-only users do not have access to your project settings – this is to prevent them from seeing environment variables or modifying the build.

It looks like you also submitted a support ticket, so I will respond there.

We have a way to re-enable the previous behavior on a case-by-case basis.

Anyone else who finds this, please submit a support request by emailing support@circleci.com and we will help you.

Best, Zak
