Skip to main content

About custom organization roles

You can control access to your organization's settings with custom organization roles.

Who can use this feature?

Organization owners and users with the "Manage custom organization roles" permission

Organizations on GitHub Enterprise Cloud and GitHub Enterprise Server

You can have more granular control over the access you grant to your organization's settings by creating custom organization roles. Organization roles are a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission.

You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. See Managing custom organization roles.

To grant access to specific repositories in your organization, you can create a custom repository role. See About custom repository roles.

Permissions for organization access

When you include a permission in a custom organization role, any users with that role will have access to the corresponding settings via both the web browser and API. In the organization's settings in the browser, users will see only the pages for settings they can access.

Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below.

PermissionDescriptionMore information
Manage custom organization rolesAccess to create, view, update, and delete custom organization roles within the organization. This permission does not allow a user to assign custom roles.Managing custom organization roles
View organization rolesAccess to view the organization's custom organization roles.Managing custom organization roles
Manage custom repository rolesAccess to create, view, update, and delete the organization's custom repository roles.Managing custom repository roles for an organization
View custom repository rolesAccess to view the organization's custom repository roles.Managing custom repository roles for an organization
Manage organization webhooksAccess to register and manage webhooks for the organization. Users with this permission will be able to view webhook payloads, which may contain metadata for repositories in the organization.REST API endpoints for organization webhooks
Edit custom properties values at the organization levelAccess to set custom property values on all repositories in the organization.Managing custom properties for repositories in your organization
Manage the organization's custom properties definitionsAccess to create and edit custom property definitions for the organization.Managing custom properties for repositories in your organization
Manage organization ref update rules and rulesetsAccess to manage rulesets and view ruleset insights at the organization level.Managing rulesets for repositories in your organization
View organization audit logAccess to the audit log for the organization. The audit log may contain metadata for repositories in the organization.Reviewing the audit log for your organization
Manage organization Actions policiesAccess to manage all settings on the "Actions General" settings page, except for self-hosted runners settings.Disabling or limiting GitHub Actions for your organization
Manage organization runners and runner groupsAccess to create and manage GitHub-hosted runners, self-hosted runners, and runner groups, and control where self-hosted runners can be created.About GitHub-hosted runners

About self-hosted runners
Manage organization Actions secretsAccess to create and manage Actions organization secrets.Using secrets in GitHub Actions
Manage organization Actions variablesAccess to create and manage Actions organization variables.Store information in variables