About roles in an enterprise
All users that are part of your enterprise have one of the following roles.
- Enterprise owner: Can manage all enterprise settings, members, and policies
- Billing manager: Can manage enterprise billing settings
- Enterprise member: Is a member or owner of any organization in the enterprise
- Guest collaborator: Can be granted access to repositories or organizations, but has limited access by default (Enterprise Managed Users only)
For information about which users consume a license, see About per-user pricing.
People with collaborator access to repositories are listed in your enterprise's "People" tab, but are not enterprise members and do not have access to the enterprise. See Roles in an organization.
How do I assign roles?
If you use an enterprise with personal accounts:
- People become enterprise members when they are added as a member or owner of an organization. See Inviting users to join your organization.
- You can invite someone to become an enterprise owner or billing manager. See Inviting people to manage your enterprise.
If you use an enterprise with managed users:
- You must provision all users through your identity provider (IdP).
- You select each user's enterprise role using your IdP. The role cannot be changed on GitHub.
- To assign the guest collaborator role, you may need to update your IdP.
For more information about the different types of enterprise accounts, see Choosing an enterprise type for GitHub Enterprise Cloud.
Enterprise owners
Enterprise owners have complete control over the enterprise and can take every action, including:
- Managing administrators
- Adding and removing organizations
- Removing enterprise members from all organizations
- Managing enterprise settings
- Enforcing policy across organizations
- Managing billing settings
For security, we recommend making only a few people enterprise owners.
Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See Managing your role in an organization owned by your enterprise.
Billing managers
Billing managers only have access to your enterprise's billing settings. They can:
- View and manage user licenses, usage-based billing, and other billing settings
- View a list of billing managers
- Add or remove other billing managers
Billing managers do not have access to organization settings or content by default except for internal repositories within an enterprise in which they are a member.
Enterprise members
Members of organizations owned by your enterprise are automatically members of the enterprise.
Enterprise members:
- Cannot access or configure enterprise settings.
- Can access all repositories with "internal" visibility across any organization in the enterprise. See About repositories.
- May have different levels of access to various organizations and repositories. To view the resources someone has access to, see Viewing people in your enterprise.
Guest collaborators
Note
The guest collaborator role is only available with Enterprise Managed Users.
You can use the guest collaborator role to grant limited access to vendors and contractors. Guest collaborators:
- Are provisioned by your IdP, like all managed user accounts.
- Can be added as organization members or as collaborators in repositories.
- Cannot access internal repositories in the enterprise, except in organizations where they're added as a member.
You may need to update your IdP application to use guest collaborators. See Enabling guest collaborators.