Skip to main content

Access permissions on GitHub

With roles, you can control who has access to your accounts and resources on GitHub Enterprise Cloud and the level of access each person has.

About access permissions on GitHub

To perform any actions on GitHub, such as creating a pull request in a repository or changing an organization's billing settings, a person must have sufficient access to the relevant account or resource. This access is controlled by permissions. A permission is the ability to perform a specific action. For example, the ability to delete an issue is a permission. A role is a set of permissions you can assign to individuals or teams.

Roles work differently for different types of accounts. For more information about accounts, see "Types of GitHub accounts."

Personal accounts

A repository owned by a personal account has two permission levels: the repository owner and collaborators. For more information, see "Permission levels for a personal account repository."

Organization accounts

Organization members can have owner, billing manager, or member roles. Owners have complete administrative access to your organization, while billing managers can manage billing settings. Member is the default role for everyone else. You can manage access permissions for multiple members at a time with teams. For more information, see:

Enterprise accounts

Enterprise owners have ultimate power over the enterprise account and can take every action in the enterprise account. Billing managers can manage your enterprise account's billing settings. Members and outside collaborators of organizations owned by your enterprise account are automatically members of the enterprise account, although they have no access to the enterprise account itself or its settings. For more information, see "Roles in an enterprise."

If an enterprise uses Enterprise Managed Users, members are provisioned as new personal accounts on GitHub and are fully managed by the identity provider. The managed user accounts have read-only access to repositories that are not a part of their enterprise and cannot interact with users that are not also members of the enterprise. Within the organizations owned by the enterprise, the managed user accounts can be granted the same granular access levels available for regular organizations. For more information, see "About Enterprise Managed Users."

Further reading