User with "read" Github access can no longer view project settings

github

#1

Previously, a user with Github “read” permissions was able to see and edit a project’s settings in CircleCI.
Starting on Sunday, we noticed that this expectation was broken.

For example. this page https://circleci.com/gh/Clever/kayvee-js/edit no longer loads

GET https://circleci.com/api/v1.1/project/github/Clever/kayvee-js/settings 403 (Forbidden)

Has there been an update to change this behavior?


#2

Hello Nathan,

In the name of security, we’ve changed the behavior so that readonly users do not have access to your project settings – this is to prevent them from seeing environment variables or modifying the build.

It looks like you also submitted a support ticket, so I will respond there.

We have a way to re-enable the previous behavior on a case-by-case basis.

Anyone else who finds this, please submit a support request by emailing support@circleci.com and we will help you.

Best, Zak


#3