Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Roles in an enterprise

Learn which roles you can assign to control access to your enterprise's settings and data.

About roles in an enterprise

All users that are part of your enterprise have one of the following roles.

  • Enterprise owner: Can manage all enterprise settings, members, and policies
  • Enterprise member: Is a member or owner of any organization in the enterprise

People with collaborator access to repositories are listed in your enterprise's "People" tab, but are not enterprise members and do not have access to the enterprise. See "Roles in an organization."

How do I assign roles?

When a user has joined your GitHub Enterprise Server instance, you can:

If you provision users with SCIM, you assign each user's enterprise role on your identity provider (IdP). The role cannot be changed on GitHub.

Enterprise owners

Enterprise owners have complete control over the enterprise and can take every action, including:

  • Managing administrators
  • Managing organizations
  • Managing enterprise settings
  • Enforcing policy across organizations

For security, we recommend making only a few people enterprise owners.

Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See "Managing your role in an organization owned by your enterprise."

Enterprise members

Members of organizations owned by your enterprise are automatically members of the enterprise.

Enterprise members:

  • Cannot access or configure enterprise settings.
  • Can access all repositories with "internal" visibility across any organization in the enterprise. See "About repositories."
  • May have different levels of access to various organizations and repositories. To view the resources someone has access to, see "Viewing people in your enterprise."