Can a client own their netlify account but connect to a repo I own

From what I can tell from experimenting it seems like the best way to do this is to create a new account for the client with their email address and authorize my github account and connect it to the proper repository. This would allow for the client to see their form submissions and pay for any increases in functionality on the Netlify side themselves.

While my github is authorized it would only connect to this one repository so it is safe to use in this manner. It appears the only restriction would be to try to connect two different Netlify accounts to the same repository.

Since I haven’t completely traveled down this path, if anyone sees any pitfalls in my plan, let me know. I would love to just make sure this is safe.

4 Likes

hey @mrispoli24 - just letting you know I moved this into a different category where it fits a bit better :slight_smile:

Hi,

Sure, any repo you can link to your own Netlify site, you can link to any Netlify site. There’s no restriction based on the account owner.

If you need access to the account then you would have to either create a team for the client or just use their starter team and add you as a member.

Hi,

so, something is not clear to me with the @mrispoli24 approach.
Let’s say I create a team for a client and authorize its site to have access to a specific repo on my Github account, so far so good.

Now, let’s say my client is a funny guy and he goes :

Settings>Builds&Deploy>Build Settings and links its site to another repo, which I have granted access to using the Netlify GitHub App.

How to prevent that?

The safest solution I see here is to have a client’s Team on Netlify as well as a client’s GitHub account to connect the repo to.

Am I missing something (as I often do :blush: )?

1 Like

I agree that the safest and also ideal solution is to have the github repo and netlify site both owned by the client. However, in some situations, what @mrispoli24 described is how things need to be, I guess.

In any case, I don’t think you were missing anything. :+1:

1 Like

I’m facing this same problem.

I have a client with their own Netlify account. I want to deploy a site from a repo on my GitHub account, however I don’t want them to have access to deploy any of my other repositories. Can I allow permissions on a per repo basis or is this simply not possible? At the minute it’s looking like I need them to create their own Github account that they don’t know how to use; I have to then sign in on their behalf and manage permissions and such to allow me to work on it using my Github account? Seems wrong so any light shed on this would be much appreciated.

1 Like

Hey @arsmth,
If you have access to the Netlify account, you can log in and grant access to the one GitHub repo you want to grant access to. Our docs explain:

Scoped repository access. You can choose to grant access to all repositories belonging to your GitHub user or organization, or to specific repositories only. There is no need for special organization-level settings as was previously required for OAuth apps.

Let us know if this answers your question or if we can help further!

1 Like
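A way to check, from the GitHub side, what the scoped repository access described above actually grants (an added example, not from this thread or from Netlify's docs). It evaluates constructed JSON shaped like the responses of GitHub's `GET /user/installations` and `GET /user/installations/{installation_id}/repositories` endpoints; the app slug `netlify`, the account logins and the repository names are assumptions.

```python
import json

# Constructed sample data, shaped like GitHub REST API responses.
# GET /user/installations
INSTALLATIONS_JSON = """
{"total_count": 2, "installations": [
  {"id": 101, "app_slug": "netlify", "repository_selection": "selected",
   "account": {"login": "example-agency"}},
  {"id": 102, "app_slug": "netlify", "repository_selection": "all",
   "account": {"login": "example-dev"}}
]}
"""
# GET /user/installations/{installation_id}/repositories, keyed by installation id
REPOS_JSON = {
    101: """{"total_count": 2, "repositories": [
        {"full_name": "example-agency/client-a-site", "private": true},
        {"full_name": "example-agency/client-b-site", "private": true}]}""",
    102: """{"total_count": 1, "repositories": [
        {"full_name": "example-dev/internal-tools", "private": true}]}""",
}

def audit_installations(installations_json, repos_json_by_id, intended, app_slug="netlify"):
    """Return findings for installations of app_slug that grant more than `intended`.

    intended: set of "owner/repo" names meant to be reachable by the app.
    """
    findings = []
    for inst in json.loads(installations_json)["installations"]:
        if inst["app_slug"] != app_slug:
            continue
        owner = inst["account"]["login"]
        # "all" also covers repositories created later under this account.
        if inst["repository_selection"] == "all":
            findings.append((owner, "all-repositories", None))
        repos = json.loads(repos_json_by_id[inst["id"]])["repositories"]
        for repo in repos:
            if repo["full_name"] not in intended:
                findings.append((owner, "unintended-repo", repo["full_name"]))
    return findings

if __name__ == "__main__":
    for finding in audit_installations(
        INSTALLATIONS_JSON, REPOS_JSON, {"example-agency/client-a-site"}
    ):
        print(finding)
```

With live data, the two JSON inputs would come from those endpoints, called with a token for the GitHub account that installed the app.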

Thanks for the response, I read that page but didn’t find it clear enough. The scoped access also restricts my personal Netlify account, am I doing something wrong? I want the client to only have access to 1 repository while I can personally access all.

hey @arsmth -

Thanks for your feedback! We are looking at this now and are going to see if we can make this clearer.

In the meantime, as long as you are not sharing github logins, each person will need to authenticate separately, so people should only have access to the sites they are intended to.

1 Like

Hey @perry, @jen,

Thanks for the link to the documentation. That’s helpful, but unless I’m missing something I’m not sure it addresses the challenge of safely exposing repository access when you have multiple clients and a single Github account/organisation.

I have multiple clients, each with a repository in a single GitHub organisation, and each with their own Netlify accounts. I want to be able to grant access from each client Netlify account to just their repository within the Github organisation. However, whilst the GitHub App allows me to specify an allow-list of ‘Only select repositories’ I believe that will still expose client A’s repo to client B (and vice versa) if they are both to be linked on Netlify?

Is that correct, and if so, is there any way around this without having to use separate GitHub organisations for each client?

Hopefully that’s clear. Let me know if not.

Thanks,
Tom

1 Like

I think you are a bit confused about our permissions, @tommarshall, so let me try to clarify:

  • Netlify only limits access to our admin UI as you have configured in your team members settings page (docs here: Manage team members | Netlify Docs). Team members who are single-site collaborators will have to be invited to the site you’ve already made (and cannot create new sites on your team, requiring access to configure a repo), so either: you link the repo before they get there, or they link the repo after they get there, but either way…
  • Github controls access to repositories; we don’t. You have to expose repository access THERE, not at Netlify.

I think this should point to “I will only be able to limit Netlify logins to sites, not repositories” from Netlify’s side, and hopefully you can find a solution within that, but do let me know if not!

3 Likes

I’m very curious about your current workflow for how to manage websites for clients ranging from relatively simple portfolio websites to small start-ups. Assuming you are actually still doing it of course. I myself would like to get started as a part-time web developer. However, after reviewing the Netlify pricing it is unclear to me what kind of account I need to set up for them. Can they use their own free starter account for a portfolio website? Because I don’t think I can convince them to pay $20 every month ($240/year) for the pro account for just a static site without lambda functions and all that stuff. I’m probably going to open a new topic on this separately as I cannot really find a definite answer on the forum here, but I would very much appreciate it even if you have some small bits of info or tips.

Your client owns the code… Hence, it’s more natural that the client owns the GitHub repository and gives you access to said repository.

That you as a developer are the official founder and owner of a repository and codebase your client owns, is just messy to begin with, with or without Netlify.

So let’s say I have a client with their own Netlify account.

  1. They invite me as a collaborator
  2. I create the site in their Netlify account, connecting to my private GitHub repo
  3. I can then safely be removed as a member while the client keeps the site. The site keeps getting updates when changes are merged to the main branch.

Is that correct?

I saw this in the documentation:

When you remove a user from a team on Netlify, the user only loses access to the Netlify team they are removed from. Git provider teams and permissions are managed separately.

1 Like

Hi @EddyVinckBW, :wave:t6: Welcome to the forums!

Yes, that is correct. They can invite you as a collaborator and then you create the site connected through your private repo.

2 Likes

Great! Thanks for getting back to me so quickly!

If I understand this correctly, billing for outside collaborator netlify accounts linked to a GitHub organisation is the responsibility of the collaborator?

For example, in a situation where I manage an organisation account (which happens to have an open source netlify account for deploys on a separate site) and invite several teams of outside collaborators to maintain individual repositories: If one collaborator from each team links their Netlify account for pull request previews or site deploys, then the minutes accrued for the deploys are on the individual contributor account and not the organisation. Is that correct?

Hey @zkamvar,

I’m not sure if I understand this correctly, but in short each Netlify account’s owner is responsible for the billing on that team. I think the confusion here is arising because for you a collaborator is on your repo, but for us a collaborator might mean a member on your team.

Is that correct? If not, please feel free to rephrase your situation.

1 Like

Thank you for the response. Yes, in this case, when I refer to collaborator, I mean a collaborator on the GitHub repository who wants to request Netlify integration to that repository from their Netlify account.

Thus (if I understand this correctly), if I have a hundred such repositories with access granted for a hundred different netlify accounts, the resource usage accrued will not affect our netlify account. We only accrue resource usage with repositories connected with our netlify account.

That is correct. Your account will only be responsible for sites in that account. The repo can be connected to several other Netlify sites on different Netlify accounts, and your account won’t be responsible for charges accumulated by them.