When App OAuth access restrictions are enabled, organization members cannot authorize App OAuth access to organization resources. Organization members can request owner approval for App OAuths they'd like to use, and organization owners receive a notification of pending requests.
Cuando creas una organización nueva, las restricciones de acceso de App OAuth se habilitan predeterminadamente. Los propietarios de las organizaciones pueden inhabilitar las restricciones de acceso de App OAuth en cualquier momento.
Tip: When an organization has not set up App OAuth access restrictions, any App OAuth authorized by an organization member can also access the organization's private resources.
When an organization owner sets up App OAuth access restrictions for the first time:
- Applications that are owned by the organization are automatically given access to the organization's resources.
- App OAuths immediately lose access to the organization's resources.
- SSH keys created before February 2014 immediately lose access to the organization's resources (this includes user and deploy keys).
- SSH keys created by App OAuths during or after February 2014 immediately lose access to the organization's resources.
- Hook deliveries from private organization repositories will no longer be sent to unapproved App OAuths.
- API access to private organization resources is not available for unapproved App OAuths. In addition, there are no privileged create, update, or delete actions on public organization resources.
- Hooks created by users and hooks created before May 2014 will not be affected.
- Private forks of organization-owned repositories are subject to the organization's access restrictions.
When an SSH key created before February 2014 loses access to an organization with App OAuth access restrictions enabled, subsequent SSH access attempts will fail. Users will encounter an error message directing them to a URL where they can approve the key or upload a trusted key in its place.
When an App OAuth is granted access to the organization after restrictions are enabled, any pre-existing webhooks created by that App OAuth will resume dispatching.
When an organization removes access from a previously-approved App OAuth, any pre-existing webhooks created by that application will no longer be dispatched (these hooks will be disabled, but not deleted).
If an organization disables App OAuth access application restrictions, and later re-enables them, previously approved App OAuth are automatically granted access to the organization's resources.
- "Enabling App OAuth access restrictions for your organization"
- "Approving App OAuths for your organization"
- "Reviewing your organization's installed integrations"
- "Denying access to a previously approved App OAuth for your organization"
- "Disabling App OAuth access restrictions for your organization"
- "Requesting organization approval for App OAuths"
- "Authorizing App OAuths"