About organization roles
You can have more granular, scalable control over the access you grant to your organization's resources using organization roles. Organization roles grant an organization member or team the ability to take specific actions or manage some settings without granting full administrative control of the organization and its repositories.
In addition to pre-defined roles, you can also create up to 10 custom roles that define groups of permissions. For more information, see "About custom organization roles."
About pre-defined organization roles
Pre-defined organization roles are roles that are available by default in every organization. You don't need to create them yourself. They can include both organization permissions that let the recipient manage the organization, as well as repository permissions that apply to all of the repositories in the organization. The following pre-defined roles are built into every organization based on common patterns of permissions organizations usually need.
The current set of pre-defined roles are:
- All-repository read: Grants read access to all repositories in the organization.
- All-repository write: Grants write access to all repositories in the organization.
- All-repository triage: Grants triage access to all repositories in the organization.
- All-repository maintain: Grants maintenance access to all repositories in the organization.
- All-repository admin: Grants admin access to all repositories in the organization.
- CI/CD admin: Grants admin access to manage Actions policies, runners, runner groups, hosted compute network configurations, secrets, variables, and usage metrics for an organization.
- Security manager: Grants the ability to manage security policies, security alerts, and security configurations for an organization and all its repositories.
Viewing organization role permissions
- In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
- Next to the organization, click Settings.
- In the "Access" section of the left sidebar, click Organization roles. Then click Role management.
- To the right of any role, click .
- Optionally, to hide the role permissions again, click .
Assigning an organization role
The "Manage custom organization roles" permission does not allow a user to assign an organization role.
A user or team can have multiple organization roles. However, you can only assign one role at a time. To assign multiple roles to the same user or team, repeat the following instructions for each role you want to assign.
- In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
- Next to the organization, click Settings.
- In the "Access" section of the sidebar, click Organization roles, then click Role assignments.
- Click New role assignment.
- Search for users or teams that you want to assign a role to, then select the role you want to give to these users and teams.
- Click Add new assignment.
Viewing organization role assignments
- In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
- Next to the organization, click Settings.
- In the "Access" section of the sidebar, click Organization roles, then click Role assignments.
- Optionally, to filter by role assignments for users, click the Users tab. To filter by role assignments for teams, click the Teams tab.
- To view role assignments, to the right of the user or team, click NUMBER roles.
Deleting an organization role assignment
- In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
- Next to the organization, click Settings.
- In the "Access" section of the sidebar, click Organization roles, then click Role assignments.
- Optionally, to filter by role assignments for users, click the Users tab. To filter by role assignments for teams, click the Teams tab.
- To delete a role, to the right of the role, click NUMBER roles. Then click Remove.
- In the pop-up window, click Remove.