Permission levels for security advisories

The actions you can take in a security advisory depend on whether you have admin or write permissions to the security advisory.

In this article

Permissions overview

Anyone with admin permissions to a repository can create a security advisory.

Anyone with admin permissions to a repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory. For more information about adding a collaborator to a security advisory, see "Adding a collaborator to a security advisory."

ActionWrite permissionsAdmin permissions
See a draft security advisoryXX
Add collaborators to the security advisory (see "Adding a collaborator to a security advisory")X
Edit and delete any comments in the security advisoryXX
Create a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability")X
Add changes to a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability")XX
Create pull requests in a temporary private fork (see "Collaborating in a temporary private fork to resolve a security vulnerability")XX
Merge changes in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability")X
Add and edit metadata in the security advisory (see "Publishing a security advisory")XX
Add and remove credits for a security advisory (see "Editing a security advisory")XX
Close the draft security advisoryX
Publish the security advisory (see "Publishing a security advisory")X

Further reading

Ask a human

Can't find what you're looking for?

Contact us