Skip to main content

Repository roles for an organization

You can customize access to each repository in your organization by assigning granular roles, giving people access to the features and tasks they need.

Repository roles for organizations

You can give organization members, outside collaborators, and teams of people different levels of access to repositories owned by an organization by assigning them to roles. Choose the role that best fits each person or team's function in your project without giving people more access to the project than they need.

From least access to most access, the roles for an organization repository are:

  • Read: Recommended for non-code contributors who want to view or discuss your project
  • Triage: Recommended for contributors who need to proactively manage issues and pull requests without write access
  • Write: Recommended for contributors who actively push to your project
  • Maintain: Recommended for project managers who need to manage the repository without access to sensitive or destructive actions
  • Admin: Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository

If your organization uses GitHub Enterprise Cloud, you can create custom repository roles. For more information, see "Managing custom repository roles for an organization" in the GitHub Enterprise Cloud documentation.

Organization owners can set base permissions that apply to all members of an organization when accessing any of the organization's repositories. For more information, see "Setting base permissions for an organization."

Organization owners can also choose to further limit access to certain settings and actions across the organization. For more information on options for specific settings, see "Managing organization settings."

In addition to managing organization-level settings, organization owners have admin access to every repository owned by the organization. For more information, see "Roles in an organization."

Warning: When someone adds a deploy key to a repository, any user who has the private key can read from or write to the repository (depending on the key settings), even if they're later removed from the organization.

Permissions for each role

Some of the features listed below are limited to organizations using GitHub Enterprise Cloud. For more information about how you can try GitHub Enterprise Cloud for free, see "Setting up a trial of GitHub Enterprise Cloud."

Note: The roles required to use security features are listed in "Access requirements for security features" below.

Repository actionReadTriageWriteMaintainAdmin
Manage individual, team, and outside collaborator access to the repositoryX
Pull from the person or team's assigned repositoriesXXXXX
Fork the person or team's assigned repositoriesXXXXX
Edit and delete their own commentsXXXXX
Open issuesXXXXX
Close issues they opened themselvesXXXXX
Reopen issues they closed themselvesXXXXX
Have an issue assigned to themXXXXX
Send pull requests from forks of the team's assigned repositoriesXXXXX
Submit reviews on pull requestsXXXXX
View published releasesXXXXX
View GitHub Actions workflow runsXXXXX
Edit wikis in public repositoriesXXXXX
Edit wikis in private repositoriesXXX
Report abusive or spammy contentXXXXX
Apply/dismiss labelsXXXX
Create, edit, delete labelsXXX
Close, reopen, and assign all issues and pull requestsXXXX
Enable and disable auto-merge on a pull requestXXX
Apply milestonesXXXX
Mark duplicate issues and pull requestsXXXX
Request pull request reviewsXXXX
Merge a pull requestXXX
Push to (write) the person or team's assigned repositoriesXXX
Edit and delete anyone's comments on commits, pull requests, and issuesXXX
Hide anyone's commentsXXX
Lock conversationsXXX
Transfer issues (see "Transferring an issue to another repository" for details)XXX
Act as a designated code owner for a repositoryXXX
Mark a draft pull request as ready for reviewXXX
Convert a pull request to a draftXXX
Submit reviews that affect a pull request's mergeabilityXXX
Apply suggested changes to pull requestsXXX
Create status checksXXX
Create, edit, run, re-run, and cancel GitHub Actions workflowsXXX
Create and edit releasesXXX
View draft releasesXXX
Edit a repository's descriptionXX
View and install packagesXXXXX
Publish packagesXXX
Delete and restore packagesX
Manage topicsXX
Enable wikis and restrict wiki editorsXX
Enable project boardsXX
Configure pull request mergesXX
Configure a publishing source for GitHub PagesXX
Manage branch protection rulesX
Push to protected branchesXX
Merge pull requests on protected branches, even if there are no approving reviewsX
Create tags that match a tag protection ruleXX
Delete tags that match a tag protection ruleX
Create and edit repository social cardsXX
Limit interactions in a repositoryXX
Delete an issue (see "Deleting an issue")X
Define code owners for a repositoryX
Add a repository to a team (see "Managing team access to an organization repository" for details)X
Manage outside collaborator access to a repositoryX
Change a repository's visibilityX
Make a repository a template (see "Creating a template repository")X
Change a repository's settingsX
Manage team and collaborator access to the repositoryX
Edit the repository's default branchX
Rename the repository's default branch (see "Renaming a branch")X
Rename a branch other than the repository's default branch (see "Renaming a branch")XXX
Manage webhooks and deploy keysX
Manage data use settings for your private repositoryX
Manage the forking policy for a repositoryX
Transfer repositories into the organizationX
Delete or transfer repositories out of the organizationX
Archive repositoriesX
Display a sponsor button (see "Displaying a sponsor button in your repository")X
Create autolink references to external resources, like Jira or Zendesk (see "Configuring autolinks to reference external resources")X
Enable GitHub Discussions in a repositoryXX
Create and edit categories for GitHub DiscussionsXX
Move a discussion to a different categoryXXX
Transfer a discussion to a new repositoryXXX
Manage pinned discussionsXXX
Convert issues to discussions in bulkXXX
Lock and unlock discussionsXXXX
Individually convert issues to discussionsXXXX
Create new discussions and comment on existing discussionsXXXXX
Delete a discussionXXX
Create codespacesXXX

Access requirements for security features

In this section, you can find the access required for security features, such as Advanced Security features.

Repository actionReadTriageWriteMaintainAdmin
Receive Dependabot alerts for insecure dependencies in a repositoryX
Dismiss Dependabot alertsX
Create security advisoriesX
Enable the dependency graph for a private repositoryX
View code scanning alerts on pull requestsXXXXX
List, dismiss, and delete code scanning alertsXXX
View secret scanning alerts in a repositoryX[1]X[1]X

[1] Repository writers and maintainers can only see alert information for their own commits.

Further reading