Best practices for managing permissions in private package repositories

How do you handle permissions around private package repositories like artifactory? I’m curious if each team has their own repository if you have one shared repository and the permissions around that :thinking_face:

Depends on the project and workflow, but one shared repo for everything is definitely bad idea

Repo per product is the most common one