Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.
All products
GitHub Packages

This version of GitHub Enterprise was discontinued on 2023-03-15. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Configuring a package's access control and visibility

In this article

Choose who has read, write, or admin access to your package and the visibility of your packages on GitHub.

GitHub Packages is available with GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, GitHub Enterprise Server 3.0 or higher, and GitHub AE. For more information about upgrading your GitHub Enterprise Server instance, see "About upgrades to new releases" and refer to the Upgrade assistant to find the upgrade path from your current release version.

A package inherits the permissions and visibility of the repository in which the package is published.

For more information about permissions for packages, packages-related scopes for PATs, or managing permissions for your GitHub Actions workflows, see "About permissions for GitHub Packages."

Configuring access to packages for your personal account

If you have admin permissions to a package that's scoped to a personal account, you can assign read, write, or admin roles to other users. For more information about these permission roles, see "Visibility and access permissions for packages."

If your package is private or internal and scoped to an organization, then you can only give access to other organization members or teams.

  1. Search for and then click the name of the package that you want to manage.

  2. On your package's landing page, on the right-hand side, click Package settings.

    Screenshot of a package's landing page. In the lower right corner, "Package settings" is highlighted with an orange outline.

  3. Under "Manage access" or "Inherited access", click Invite teams or people and enter the name, username, or email of the person you want to give access. Teams cannot be given access to a package that is scoped to a personal account.

  4. Next to the username or team name, use the Role drop-down menu to select a desired permission level.

The selected users will automatically be given access and don't need to accept an invitation first.

Configuring access to packages for an organization

If you have admin permissions to a package that is scoped to an organization, you can assign read, write, or admin roles to other users and teams. For more information about these permission roles, see "Visibility and access permissions for packages."

If your package is private or internal and scoped to an organization, then you can only give access to other organization members or teams.

  1. On GitHub, navigate to the main page of your organization.

  2. Under your organization name, click the Packages tab.

    Screenshot of @octo-org's profile page. The "Packages" tab is highlighted with an orange outline.

  3. Search for and then click the name of the package that you want to manage.

  4. On your package's landing page, on the right-hand side, click Package settings.

    Screenshot of a package's landing page. In the lower right corner, "Package settings" is highlighted with an orange outline.

  5. Under "Manage access" or "Inherited access", click Invite teams or people and enter the name, username, or email of the person you want to give access. You can also enter a team name from the organization to give all team members access.

  6. Next to the username or team name, use the Role drop-down menu to select a desired permission level.

The selected users or teams will automatically be given access and don't need to accept an invitation first.

Configuring visibility of packages for your personal account

When you first publish a package that is scoped to your personal account, the default visibility is private and only you can see the package. You can modify a private or public package's access by changing the access settings. Once you make your package public, you cannot make your package private again.

  1. Search for and then click the name of the package that you want to manage.

  2. On your package's landing page, on the right-hand side, click Package settings.

    Screenshot of a package's landing page. In the lower right corner, "Package settings" is highlighted with an orange outline.

  3. At the bottom of the page, under "Danger Zone", click Change visibility.

  4. Select a visibility setting:

    • To make the package visible to anyone, select Public.

      Warning: Once you make a package public, you cannot make it private again.

    • To make the package visible to a custom selection of people, select Private.

  5. To confirm, type the name of the package, then click I understand the consequences, change package visibility.

Package creation visibility for organization members

For registries that support granular permissions, you can choose the visibility of packages that organization members can publish by default. For the list of these registries, see "About permissions for GitHub Packages."

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Next to the organization, click Settings.

  3. On the left, click Packages.

  4. Under "Package Creation", choose whether you want to enable the creation of public, private, or internal packages.

    • To enable organization members to create public packages, click Public.
    • To enable organization members to create private packages that are only visible to other organization members, click Private. You can further customize the visibility of private packages.
    • To enable organization members to create internal packages that are visible to all organization members, click Internal. If the organization belongs to an enterprise, the packages will be visible to all enterprise members.

Configuring visibility of packages for an organization

When you first publish a package, the default visibility is private and only you can see the package. You can grant users or teams different access roles for your package through the access settings. Once you make your package public, you cannot make your package private again.

  1. On GitHub, navigate to the main page of your organization.

  2. Under your organization name, click the Packages tab.

    Screenshot of @octo-org's profile page. The "Packages" tab is highlighted with an orange outline.

  3. Search for and then click the name of the package that you want to manage.

  4. On your package's landing page, on the right-hand side, click Package settings.

    Screenshot of a package's landing page. In the lower right corner, "Package settings" is highlighted with an orange outline.

  5. At the bottom of the page, under "Danger Zone", click Change visibility and choose a visibility setting:

    • To make the package visible to anyone, click Public.

      Warning: Once you make a package public, you cannot make it private again.

    • To make the package visible to a custom selection of people in your organization, click Private.

    • To make the package visible to all organization members, click Internal. If the organization belongs to an enterprise, the packages will be visible to all enterprise members.