Custom Roles for Organizational Permissions

[github-product-roadmap]

Summary

Enterprise customers will have the ability to craft custom organization level roles from fine grained permissions. This will work in a similar way to the existing Custom Repository Roles feature. Admins will be able to create custom roles at the organizational layer, which grant permissions on both the organization (e.g. creating a GitHub app) and the repo level (viewing code).

Intended Outcome

Organizational admins can delegate organizational responsibilities and privileges safely, reducing the number of admins in an organization. This allows the creation of :

• CI/CD admins
• Invitation and membership admins
• Security managers
• Auditors

Admins can also grant org-wide permissions on repos, ensuring that teams with cross-cutting responsibilities can easily and automatically have the permissions they need to get their work done (for example, giving a security team read permissions on all repos).

How will it work?

The organization owner role will continue to exist, but organizations can now create custom roles that exist in between member and owner. These roles can be assigned to both users and teams inside the organization. The roles can contain both organization permissions (the ability to make a change to the organization) and repository permissions (the ability to interact with all of the repos in the organization).