Skip to main content

About custom organization roles

You can control access to your organization's settings with custom organization roles.

Note: Only organizations that use GitHub Enterprise Cloud can create custom organization roles. For more information about how you can try GitHub Enterprise Cloud for free, see "Setting up a trial of GitHub Enterprise Cloud."

About custom organization roles

You can have more granular control over the access you grant to your organization's settings by creating custom organization roles. A custom organization role is a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission.

You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. For more information, see "Managing custom organization roles."

Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below.

To granularly control access to your organization's repositories, you can create a custom repository role. For more information, see "About custom repository roles."

Permissions for custom roles

When you include a permission in a custom organization role, any users with that role will have access to the corresponding settings via both the web browser and API. In the organization's settings in the browser, users will see only the pages for settings they can access.

PermissionDescriptionMore information
Manage custom organization rolesAccess to create, view, update, and delete custom organization roles within the organization. This permission does not allow a user to assign custom roles."Managing custom organization roles"
View organization rolesAccess to view the organization's custom organization roles."Managing custom organization roles"
Manage custom repository rolesAccess to create, view, update, and delete the organization's custom repository roles."Managing custom repository roles for an organization"
View custom repository rolesAccess to view the organization's custom repository roles."Managing custom repository roles for an organization"
Manage organization webhooksAccess to register and manage webhooks for the organization. Users with this permission will be able to view webhook payloads, which may contain metadata for repositories in the organization."REST API endpoints for organization webhooks"
Manage organization OAuth application policiesAccess to the "OAuth application policy" settings for the organization."About OAuth app access restrictions"
Edit custom properties values at the organization levelAccess to set custom property values on all repositories in the organization."Managing custom properties for repositories in your organization"
Manage the organization's custom properties definitionsAccess to create and edit custom property definitions for the organization."Managing custom properties for repositories in your organization"
Manage organization ref update rules and rulesetsAccess to manage rulesets and view ruleset insights at the organization level."Managing rulesets for repositories in your organization"
View organization audit logAccess to the audit log for the organization. The audit log may contain metadata for repositories in the organization."Reviewing the audit log for your organization"