Authorization providers determine the level of access that users have to projects in LGTM Enterprise. You associate repository providers with an authorization provider and an authentication provider, and the authorization provider tells LGTM what information each authenticated user can access, for each project from the associated repository.
For example, if you're setting up LGTM Enterprise to analyze projects stored in a GitHub Enterprise installation, you will typically add GitHub Enterprise as an authentication provider, and then also add it as an authorization provider. Then, when you add GitHub Enterprise as a repository provider, you can associate it with the authentication and authorization providers for GitHub Enterprise. This ensures that users' access to projects in LGTM Enterprise matches the access they have in GitHub Enterprise.
LGTM includes two basic authorization providers—"public" and "private"—which you can use to provide full or restricted access to all projects from a repository provider. When you associate a repository provider with either the public or private authorization provider, the authorization level that's granted applies to all LGTM users.
You manage authorization providers from the
Defining an authorization provider
- Before you can add an authorization provider for an external system, you must first create an authentication provider for that system.
- You cannot create an authorization provider for Azure DevOps Server (previously called Team Foundation Server). Use the Public authorization provider with the Azure DevOps Server (TFS) repository provider. Note that the result is that all LGTM Enterprise users get the same access to projects from this repository provider.
After you have defined an authentication provider, you can define an authorization provider for the same external system. To add an authorization provider:
Integrationspage, click Add new authorization provider to display the Add new authorization provider page.
Choose an external system from the drop-down list.
Click Continue to display the detailed definition page for the new provider.
Define the provider details (in most cases these are supplied for you):
Key—a unique, alphabetic identifier
Display name—the name displayed in the main interface
URL—the URL for the external system
This field is not present for cloud-hosted services such as GitHub.com, GitLab.com, Bitbucket Cloud, and Azure DevOps Services (previously called VSTS).
Authentication provider—the authentication provider to use to check repository permissions for each user
Click Add to save the new authorization provider.
Each authorization provider that's external to LGTM Enterprise provides detailed authorization information. They report details of the repositories that are visible to each user with an account in the external system. This includes any public repositories, and all private repositories that the user has at least read access to. When a user logs in to LGTM using their external account, they have full access to any LGTM projects created for those repositories.
When a user does not have access to a repository in the external system, the resulting LGTM projects are treated as private projects. The user's default authorization level for these projects is restricted. Projects are also treated as private for users who do not have an account with the external system, or who log in to LGTM using a different account.
To find out more, see: