...
As far as we can tell, the answer is “no,” outside collaborators should not be able to access any internal repositories by default because they do not get permissions to the organization itself, only individual repositories. From the Github documentation for collaborators [3], this is for a few reasons, such as:
Outside collaborators cannot be added to a team, team membership is restricted to members of the organization.
...
All enterprise members have read permissions to the internal repository, but internal repositories are not visible to people outside of the enterprise, including outside collaborators on organization repositories.
...
public: no issue here because anyone and everyone will have access anywaysprivate: by default, only the repository admins owners and enterprise admins will have access to the repository (see additional note about using Github teams for permissions)
...
if the desire is to have all repositories be
privatevisibility to eliminate the issue withinternal, but a number of people need read or write access to a large number of repositories, consider marking the visibility asprivateand then using Github teams to facilitate granting access:
For the Tufts-Technology-Services organization specifically:
If you want to use
privatevisibility to eliminate the issue withinternalbut still want to allow everyone in TTS to have read access to your repository in order to foster collaboration and reuse, you can assign read permissions to theTTS-All-MembersAD group.
Use an Organization Outside of the Enterprise
While this is technically possible, there are serious downsides, such as:
Losing access to all billing and other benefits of being part of the enterprise
Is likely to not conform to other institutional policies
The drawbacks of a separate organization as outlined in: Notes On Github Organizations
...