Diversion uses a hierarchical access level system to control what users can do in a repository. Each level includes all the permissions of the levels below it.
Access Level Hierarchy
Admin > Write > Merge > Read
What Each Level Can Do
| Level | Description | Operations |
|---|
| Read | View only | Browse files, view commit history, see diffs, download files, review |
| Merge | Accept incoming changes | Accept non-conflicting changes from others during merge operations |
| Write | Modify files | Commit changes, resolve merge conflicts |
| Admin | Full control | |
Repository-Level vs Path-Level Access
Repository-level access is set when you invite a collaborator. This determines the maximum access level the user can have in the repository.
Granular permissions access uses granular permissions to control access for specific files or folders. For example, you can give someone Write access to the repository but restrict them to Read-only on sensitive paths.
Granular permissions only restrict access - they cannot grant higher access than the user’s repository-level permission. Once any granular permission rule exists in the repository, users without matching rules are denied all access by default.
Choosing the Right Level
| Use Case | Recommended Level |
|---|
| External reviewers or auditors | Read |
| Team members who receive updates but don’t directly modify files | Merge |
| Active team members who commit code | Write |
| Team leads and repository owners | Admin |
Start with the minimum access level needed. You can always grant additional access later.
