Repository permission levels for an organization
You can customize access to each repository in your organization with granular permission levels, giving people access to the features and tasks they need.
People with admin permissions can manage individual and team access to an organization-owned repository.
Permission levels for repositories owned by an organization
You can give organization members, outside collaborators, and teams of people different levels of access to repositories owned by an organization. Each permission level progressively increases access to a repository's content and settings. Choose the level that best fits each person or team's role in your project without giving people more access to the project than they need.
From least access to most access, the permission levels for an organization repository are:
- Read: Recommended for non-code contributors who want to view or discuss your project
- Write: Recommended for contributors who actively push to your project
- Admin: Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository
For more information about giving people and teams access to repositories, see "Managing access to your organization's repositories."
Organization owners can also choose to further limit access to certain settings and actions across the organization. For more information on options for specific settings, see "Managing organization settings."
In addition to managing organization-level settings, organization owners have admin permissions for every repository owned by the organization. For more information, see "Permission levels for an organization."
Warning: When someone adds a deploy key to a repository, any user who has the private key can read from or write to the repository (depending on the key settings), even if they're later removed from the organization.
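The following least-privilege audit is an added example, not part of the original article or GitHub's own code. It assumes collaborator and deploy-key data shaped like the GitHub REST API listings (`permissions` flags per user, `read_only` per deploy key); the sample records, logins, and the `EXPECTED` policy are constructed for illustration.

```python
import json

# Constructed sample data shaped like GitHub REST API listings of a
# repository's collaborators ("permissions") and deploy keys ("read_only").
COLLABORATORS = json.loads("""[
  {"login": "alice",   "permissions": {"pull": true, "push": true,  "admin": true}},
  {"login": "bob",     "permissions": {"pull": true, "push": true,  "admin": false}},
  {"login": "carol",   "permissions": {"pull": true, "push": false, "admin": false}},
  {"login": "mallory", "permissions": {"pull": true, "push": true,  "admin": true}}
]""")
DEPLOY_KEYS = json.loads("""[
  {"id": 1, "title": "ci-readonly",  "read_only": true},
  {"id": 2, "title": "old-deployer", "read_only": false}
]""")

# Hypothetical policy: the level each person's role actually calls for.
EXPECTED = {"alice": "Admin", "bob": "Write", "carol": "Read", "mallory": "Read"}
RANK = {"Read": 0, "Write": 1, "Admin": 2}

def level(permissions):
    """Collapse the boolean flags into the article's Read/Write/Admin level."""
    if permissions.get("admin"):
        return "Admin"
    if permissions.get("push"):
        return "Write"
    return "Read"

def over_privileged(collaborators, expected):
    """Return (login, actual, wanted); users missing from the policy default to Read."""
    findings = []
    for user in collaborators:
        actual = level(user["permissions"])
        wanted = expected.get(user["login"], "Read")
        if RANK[actual] > RANK[wanted]:
            findings.append((user["login"], actual, wanted))
    return findings

def writable_deploy_keys(keys):
    """Deploy keys that can push; they stay valid after their holder leaves the org."""
    return [k["title"] for k in keys if not k.get("read_only", False)]

if __name__ == "__main__":
    for login, actual, wanted in over_privileged(COLLABORATORS, EXPECTED):
        print(f"{login}: has {actual}, role needs {wanted}")
    for title in writable_deploy_keys(DEPLOY_KEYS):
        print(f"deploy key '{title}' can write; confirm who holds the private key")
```
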
Repository access for each permission level
Repository action | Read permissions | Write permissions | Admin permissions |
---|---|---|---|
Pull from (read) the person or team's assigned repositories | X | X | X |
Fork (copy) the person or team's assigned repositories | X | X | X |
Edit and delete their own comments on commits, pull requests, and issues | X | X | X |
Open issues | X | X | X |
Close issues they opened themselves | X | X | X |
Reopen issues they closed themselves | X | X | X |
Have an issue assigned to them | X | X | X |
Send pull requests from forks of the team's assigned repositories | X | X | X |
Submit reviews on pull requests | X | X | X |
View published releases | X | X | X |
Edit wikis | X | X | X |
Push to (write) the person or team's assigned repositories | | X | X |
Edit and delete anyone's comments on commits, pull requests, and issues | | X | X |
Lock conversations | | X | X |
Apply labels and milestones | | X | X |
Close, reopen, and assign all issues | | X | X |
Act as a designated code owner for a repository | | X | X |
Request pull request reviews | | X | X |
Submit reviews that affect a pull request's mergeability | | X | X |
Create status checks | | X | X |
Create and edit releases | | X | X |
View draft releases | | X | X |
Merge pull requests on protected branches, even if there are no approving reviews | | | X |
Define code owners for a repository | | | X |
Edit a repository's description | | | X |
Manage topics | | | X |
Add a repository to a team (see "Adding a repository to a team" for details) | | | X |
Manage outside collaborator access to a repository (see "Adding outside collaborators to repositories in your organization" for details) | | | X |
Change a repository's visibility (see "Restricting repository visibility changes in your organization" for details) | | | X |
Change a repository's settings (see "Changing repository settings" for details) | | | X |
Manage team and collaborator access to the repository | | | X |
Edit the repository's default branch | | | X |
Manage webhooks, service hooks, and deploy keys | | | X |
Allow or disable forks for a specific private repository | | | X |
Transfer repositories into the organization account (see "Restricting repository creation in your organization" for details) | | | X |
Delete or transfer repositories (see "Setting permissions for deleting or transferring repositories in your organization" for details) | | | X |
Archive repositories | | | X |