User with "read" Github access can no longer view project settings

Previously, a user with Github “read” permissions was able to see and edit a project’s settings in CircleCI.
Starting on Sunday, we noticed that this expectation was broken.

For example. this page no longer loads

GET 403 (Forbidden)

Has there been an update to change this behavior?

Hello Nathan,

In the name of security, we’ve changed the behavior so that readonly users do not have access to your project settings – this is to prevent them from seeing environment variables or modifying the build.

It looks like you also submitted a support ticket, so I will respond there.

We have a way to re-enable the previous behavior on a case-by-case basis.

Anyone else who finds this, please submit a support request by emailing and we will help you.

Best, Zak

1 Like