Roles in an enterprise

In this article

Everyone in an enterprise is a member of the enterprise. To control access to your enterprise's settings and data, you can assign different roles to members of your enterprise.

About roles in an enterprise

Everyone in an enterprise is a member of the enterprise. You can also assign administrative roles to members of your enterprise. Each administrator role maps to business functions and provides permissions to do specific tasks within the enterprise.

Currently, there are two administrative roles available in enterprises: enterprise owners, who can access and manage all settings across the enterprise, and billing managers, who can access and manage only the enterprise's billing settings. Enterprise owners can also see all of the members and outside collaborators for every organization owned by the enterprise.

If your enterprise does not use Enterprise Managed Users, you can invite someone to an administrative role using a user account on GitHub Enterprise Cloud that they control. For more information, see "Inviting people to manage your enterprise."

In an enterprise using Enterprise Managed Users, new owners and members must be provisioned through your identity provider. Enterprise owners and organization owners cannot add new members or owners to the enterprise using GitHub. You can select a member's enterprise role using your IdP and it cannot be changed on GitHub. You can select a member's role in an organization on GitHub. For more information, see "About Enterprise Managed Users."

Enterprise owners

Enterprise owners have complete control over the enterprise and can take every action, including:

  • Managing administrators
  • Adding and removing organizations to and from the enterprise
  • Removing enterprise members from all organizations owned by the enterprise
  • Managing enterprise settings
  • Enforcing policy across organizations
  • Managing billing settings

Enterprise owners do not have access to organization settings or content by default. To gain access, enterprise owners can join any organization owned by their enterprise. For more information, see "Managing your role in an organization owned by your enterprise."

Owners of organizations in your enterprise do not have access to the enterprise itself unless you make them enterprise owners.

An enterprise owner will only consume a license if they are an owner or member of at least one organization within the enterprise. Even if an enterprise owner has a role in multiple organizations, they will consume a single license. Enterprise owners must have a personal account on GitHub. As a best practice, we recommend making only a few people in your company enterprise owners, to reduce the risk to your business.

Enterprise members

Members of organizations owned by your enterprise are also automatically members of the enterprise. Members can collaborate in organizations and may be organization owners, but members cannot access or configure enterprise settings, including billing settings.

People in your enterprise may have different levels of access to the various organizations owned by your enterprise and to repositories within those organizations. You can view the resources that each person has access to. For more information, see "Viewing people in your enterprise."

For more information about organization-level permissions, see "Roles in an organization."

People with outside collaborator access to repositories owned by your organization are also listed in your enterprise's People tab, but are not enterprise members and do not have any access to the enterprise. For more information about outside collaborators, see "Roles in an organization."

Billing managers

Billing managers only have access to your enterprise's billing settings. Billing managers for your enterprise can:

  • View and manage user licenses, Git LFS packs and other billing settings
  • View a list of billing managers
  • Add or remove other billing managers

Billing managers will only consume a license if they are an owner or member of at least one organization within the enterprise. Billing managers do not have access to organizations or repositories in your enterprise, and cannot add or remove enterprise owners. Billing managers must have a personal account on GitHub.

About support entitlements

To open, view, and comment on support tickets associated with an enterprise account, you must have support entitlements for the enterprise. Enterprise owners and billing managers automatically have a support entitlement, and enterprise owners can add support entitlements to enterprise members. For more information, see "Managing support entitlements for your enterprise."

Note: Any organization member can create tickets associated with an individual organization that is owned by an enterprise account. Support entitlements are only required to create tickets associated with the enterprise account itself.

Further reading