About roles
To perform any actions on GitHub, such as creating a pull request in a repository or changing an organization's billing settings, a person must have sufficient access to the relevant account or resource. This access is controlled by permissions. A permission is the ability to perform a specific action. For example, the ability to delete an issue is a permission. A role is a set of permissions you can assign to individuals or teams.
Repository-level roles give organization members, outside collaborators and teams of people varying levels of access to repositories. For more information, see "Repository roles for an organization."
Team-level roles are roles that give permissions to manage a team. You can give any individual member of a team the team maintainer role, which gives the member a number of administrative permissions over a team. For more information, see "Assigning the team maintainer role to a team member."
Organization-level roles are sets of permissions that can be assigned to individuals or teams to manage an organization and the organization's repositories, teams, and settings. For more information about all the roles available at the organization level, see "About organization roles."
About organization roles
You can assign individuals or teams to a variety of organization-level roles to control your members' access to your organization and its resources. For more details about the individual permissions included in each role, see "Permissions for organization roles."
Organization owners
Organization owners have complete administrative access to your organization. 此角色应限于组织中的少数几个人,但不少于两人。 更多信息请参阅“管理组织的所有权连续性”。
组织成员
The default, non-administrative role for people in an organization is the organization member. By default, organization members have a number of permissions, including the ability to create repositories and project boards.
帐单管理员
Billing managers are users who can manage the billing settings for your organization, such as payment information. This is a useful option if members of your organization don't usually have access to billing resources. For more information, see "Adding a billing manager to your organization."
Security managers
Note: The security manager role is in public beta and subject to change. This feature is not available for organizations using legacy per-repository billing plans.
Security manager is an organization-level role that organization owners can assign to any team in an organization. When applied, it gives every member of the team permissions to manage security alerts and settings across your organization, as well as read permissions for all repositories in the organization.
If your organization has a security team, you can use the security manager role to give members of the team the least access they need to the organization. For more information, see "Managing security managers in your organization."
GitHub 应用程序 管理员
默认情况下,只有组织所有者才可管理组织拥有的 GitHub 应用程序 的设置。 要允许其他用户管理组织拥有的 GitHub 应用程序,所有者可向他们授予 GitHub 应用程序 管理员权限。
指定用户为组织中 GitHub 应用程序 的管理员时,您可以授予他们对组织拥有的部分或全部 GitHub 应用程序 的设置进行管理的权限。 更多信息请参阅:
外部协作者
在允许访问仓库时,为确保组织数据的安全,您可以添加外部协作者。 外部协作者是有权访问一个或多个组织仓库但未明确成为该组织成员的人, 例如顾问或临时员工。 更多信息请参阅:
Permissions for organization roles
下面列出的一些功能仅限于使用 GitHub Enterprise Cloud 的组织。 For more information about how you can try GitHub Enterprise Cloud for free, see "Setting up a trial of GitHub Enterprise Cloud."
| Organization permission | 所有者 | 成员 | 帐单管理员 | Security managers |
|---|---|---|---|---|
| 创建仓库(详细信息请参阅“限制在组织中创建仓库”) | X | X | X | |
| 查看和编辑帐单信息 | X | X | ||
| 邀请人员加入组织 | X | |||
| 编辑和取消邀请加入组织 | X | |||
| 从组织删除成员 | X | |||
| 恢复组织的前成员 | X | |||
| 添加和删除所有团队的人员 | X | |||
| 将组织成员升级为团队维护员 | X | |||
| 配置代码审查分配(请参阅“管理团队的代码审查分配”) | X | |||
| 设置预定提醒(请参阅“管理拉取请求的预定提醒”) | X | |||
| 添加协作者到所有仓库 | X | |||
| 访问组织审核日志 | X | |||
| 编辑组织的资料页面(详细信息请参阅“关于组织的资料”) | X | |||
| 验证组织的域(详细信息请参阅“验证组织的域”) | X | |||
| 将电子邮件通知限于已经验证或批准的域名(有关详细信息,请参阅“限制组织的电子邮件通知”) | X | |||
| 删除所有团队 | X | |||
| 删除组织帐户,包括所有仓库 | X | |||
| 创建团队(详细信息请参阅“在组织中设置团队创建权限”) | X | X | X | |
| 在组织的层次结构中移动团队 | X | |||
| 创建项目板(详细信息请参阅“组织的项目板权限”) | X | X | X | |
| 查看所有组织成员和团队 | X | X | X | |
| @提及任何可见团队 | X | X | X | |
| 可成为团队维护员 | X | X | X | |
| 查看组织洞见(详细信息请参阅“查看用于组织的洞见”) | X | X | X | |
| 查看并发布公共团队讨论到所有团队(详细信息请参阅“关于团队讨论”) | X | X | X | |
| 查看并发布私有团队讨论到所有团队(详细信息请参阅“关于团队讨论”) | X | |||
| 编辑和删除所有团队的团队讨论(详细信息请参阅“管理破坏性评论”) | X | |||
| 隐藏对提交、拉取请求和议题的评论(详细信息请参阅“管理破坏性评论”) | X | X | X | |
| 对组织禁用团队讨论(详细信息请参阅“对组织禁用团队讨论”) | X | |||
| 管理组织依赖项洞见的显示(详细信息请参阅“更改组织依赖项洞见的可见性”) | X | |||
| 设置所有团队的团队头像(详细信息请参阅“设置团队的头像”) | X | |||
| 赞助帐户和管理组织的赞助(更多信息请参阅“赞助开源贡献者”) | X | X | X | |
| 管理赞助帐户的电子邮件更新(更多信息请参阅“管理组织赞助帐户的更新”) | X | |||
| 将您的赞助归因于另一个组织(更多信息请参阅“将赞助归因于组织”) | X | |||
| 管理从组织中的仓库发布 GitHub Pages 站点(请参阅“管理组织的 GitHub Pages 站点发布”了解详细信息) | X | |||
| 管理安全性和分析设置(详情请参阅“管理组织的安全性和分析设置”) | X | X | ||
| View the security overview for the organization (see "About the security overview" for details) | X | X | ||
| 启用并实施 SAML 单点登录 | X | |||
| 管理用户对组织的 SAML 访问 | X | |||
| 管理组织的 SSH 认证中心(详细信息请参阅“管理组织的 SSH 认证中心”) | X | |||
| 转让仓库 | X | |||
| 购买、安装、管理其帐单以及取消 GitHub Marketplace 应用程序 | X | |||
| 列出 GitHub Marketplace 中的应用程序 | X | |||
| 接收所有组织仓库关于易受攻击的依赖项的 Dependabot 警报 | X | X | ||
| 管理 Dependabot 安全更新(请参阅“关于 Dependabot 安全更新”) | X | X | ||
| 管理复刻策略 | X | |||
| 限制组织中公共仓库的活动 | X | |||
| Pull (read) all repositories in the organization | X | X | ||
| Push (write) and clone (copy) all repositories in the organization | X | |||
| 将组织成员转换为外部协作者 | X | |||
| 查看对组织仓库具有访问权限的人员 | X | |||
| 导出具有组织仓库访问权限人员的列表 | X | |||
| 管理默认分支名称(请参阅“管理组织中仓库的默认标签”) | X | |||
| 管理默认标签(请参阅“管理组织中仓库的默认标签”) | X | |||
| 启用团队同步(详情请参阅“管理组织的团队同步”) | X |