People with owner or team maintainer roles can manage repository access with teams. Each team can have different repository access permissions.
There are three types of repository permissions available for people or teams collaborating on repositories that belong to an organization:
- Read
- Write
- Admin
For more information on changing a person or team's access to an organization repository, see "Managing an individual's access to an organization repository" and "Managing team access to an organization repository."
In addition, organization members with owner permissions have extensive permissions across all repositories in an organization. For more information, see "Permission levels for an organization".
| Repository action | Read permissions | Write permissions | Admin permissions | Owner permissions |
|---|---|---|---|---|
| Pull (read), push (write), and clone (copy) all repositories in the organization | X | |||
| Promote organization members to team maintainer | X | |||
| Convert organization members to outside collaborators | X | |||
| Create repositories (see "Creating repositories" for details) | X | X | X | X |
| Edit a repository's description | X | X | ||
| Delete repositories (see "Deleting and transferring repositories" for details) | X | X | ||
| Transfer repositories into the organization account (see "Creating repositories" for details) | X | X | ||
| Transfer repositories out of the organization account (see "Deleting and transferring repositories" for details) | X | X | ||
| Change a repository's settings (see "Changing repository settings" for details) | X | X | ||
| Change a repository's visibility (see "Changing the visibility of repositories" for details) | X | X | ||
| Add a repository to a team (see "Adding a repository to a team" for details) | X | X | ||
| Add outside collaborators to a repository | X | X | ||
| Remove outside collaborators from a repository | X | X | ||
| Pull from (read) the team's assigned repositories | X | X | X | X |
| Push to (write) the team's assigned repositories | X | X | X | |
| Fork (copy) the team's assigned repositories | X | X | X | X |
| Send pull requests from forks of the team's assigned repositories | X | X | X | X |
| Open, merge and close pull requests | X | X | X | |
| Merge pull requests on protected branches, even if there are no approved reviews | X | X | ||
| Submit reviews on pull requests | X | X | X | X |
| Submit reviews that affect a pull request's mergeability | X | X | X | |
| Request pull request reviews | X | X | X | |
| Open issues | X | X | X | X |
| Close, reopen, and assign issues | X | X | X | |
| Close issues they opened themselves | X | X | X | X |
| Apply labels and milestones | X | X | X | |
| Have an issue assigned to them | X | X | X | X |
| Create and edit releases | X | X | X | |
| View draft releases | X | X | X | |
| View published releases | X | X | X | X |
| Edit and delete their own comments on commits, pull requests, and issues | X | X | X | X |
| Edit and delete anyone's comments on commits, pull requests, and issues | X | X | X | |
| Edit wikis | X | X | X | X |
| Create status-checks | X | X | X | |
| Manage topics | X | X | ||
| Define code owners for a repository | X | X | ||
| Act as a designated code owner for a repository | X | X | X | |
| Lock conversations | X | X | X | |
| Disable project boards | X | X | X | |
| Create project boards | X | X | X |
Changing repository settings
Repository settings include:
- Adding, removing, and editing collaborator access
- Editing the repository's default branch
- Adding, removing, and editing webhooks and service hooks
- Adding deploy keys
- Changing repository visibility
Warning: When someone adds a deploy key to a repository, any user who has the private key can read from or write to the repository (depending on the key settings), even if they're later removed from the organization.
Adding a repository to a team
Organization owners can add any repository to any team in the organization. Organization members with admin access to a repository can add that repository to any other team they belong to.
Team maintainers
An organization owner can promote any member of the organization to team maintainer for one or more teams. Members with team maintainer permissions can:
- Change the team's name and description
- Remove organization members from the team
- Promote an existing team member to team maintainer
- Remove the team's access to repositories
- Reinstate a former organization member
For more information, see "Giving team maintainer permissions to an organization member."
Outside collaborators
Repository collaborators can include organization members or outside collaborators. An outside collaborator is a person who has access to one or more organization repositories but is not explicitly a member of the organization, such as a consultant or temporary employee. For more information, see:
- "Adding outside collaborators to repositories in your organization"
- "Converting an organization member to an outside collaborator"
- "Removing an outside collaborator from an organization repository"
Creating repositories
By default, all organization members can create repositories for the organization and transfer repositories into the organization. If you choose, you can restrict repository creation permissions to organization owners only.
Warning: Members of teams that had admin permissions under the legacy organization membership structure are able to create repositories for the organization under improved organization permissions, even if the repository creation setting is not enabled. For more information, see "Migrating your previous admin teams to the improved organization permissions."
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
Under your organization name, click Settings.
In the left sidebar, click Member privileges.
Under "Repository creation", deselect Allow members to create repositories for this organization.
- Click Save.
Changing the visibility of repositories
By default, only organization members with admin privileges to a repository can change the visibility from public to private or from private to public. If you choose, you can restrict the ability to change repository visibility to organization owners only.
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
Under your organization name, click Settings.
In the left sidebar, click Member privileges.
Under "Repository visibility change", deselect Allow members to change repository visibilities for this organization.
- Click Save.
Deleting and transferring repositories
By default, only organization members with admin privileges to a repository can delete the repository or transfer it out of the organization. If you choose, you can restrict repository deletion and outgoing transfer permissions to organization owners only.
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
Under your organization name, click Settings.
In the left sidebar, click Member privileges.
Under "Repository deletion", deselect Allow members to delete or transfer repositories for this organization.
- Click Save.
