About roles in an organization
To perform any actions on GitHub, a person must have sufficient access to the relevant account or resource. This access is controlled by permissions. A permission is the ability to perform a specific action, such as changing billing settings for the organization. A role is a set of permissions you can assign to individuals or teams.
In your enterprise's organizations, you can give roles to individuals or teams to allow them to manage the organization's settings or contribute to the organization's repositories.
Organization owners have full administrative access to the organization. To ensure that no one will lose access to a project, we recommend that each organization has at least two owners. As an organization owner, you can change the role of other organization members and owners. You can't change your own role.
Types of organization roles
Every user you add to an organization has a membership type (owner, member, or billing manager) which determines the user's base set of permissions in the organization. For example:
- An organization owner can access all organization settings.
- An organization member can create repositories but not change any organization settings.
In addition to the membership type, you can assign users and teams additional roles which give users more permissions in the organization and its repositories.
Depending on the level of control you need, you can grant users:
- A pre-defined role that GitHub provides, which can include access to organization settings and blanket access to repositories. For example: "All-repository write."
- A custom role where you define your own set of organization and repository permissions.
For more information, see 组织中的角色 and 关于自定义组织角色.
Adding users to organizations
How you add users to organizations depends on whether you are using Enterprise Managed Users.
- If you're not using Enterprise Managed Users:
- You will send an invite to users' personal accounts, asking them to join the organization. See Inviting users to join your organization(邀请用户加入你的组织).
- As an alternative, if the organization uses SAML SSO, you can manage membership from your SSO provider using SCIM. See 关于组织的 SCIM.
- If you are using Enterprise Managed Users:
- First, you will add users to the enterprise from your identity provider using SCIM.
- Then, you can either add users to organizations directly, or link identity provider (IdP) groups to teams within organizations, which will automatically add users to organizations. See 使用标识提供者组管理团队成员身份.
Once you have added a user to the organization, you can grant them a specific role.
Tip
You can also add users directly to repositories in an organization without giving them organization membership. This is called the "outside collaborator" or "repository collaborator" role, depending on whether you use Enterprise Managed Users. See 添加外部协作者到组织的仓库.
Next steps
Now you have added users to an organization, you can create teams in the organization to manage permissions, notifications, and code ownerships for groups of people. See Creating teams.