Repository permission levels for an organization
People with owner or team maintainer roles can manage repository access with teams. Each team can have different repository access permissions.
There are three types of repository permissions available for people or teams collaborating on repositories that belong to an organization:
For more information on changing a person or team's access to an organization repository, see "Managing an individual's access to an organization repository" and "Managing team access to an organization repository."
In addition, organization members with owner permissions have extensive permissions across all repositories in an organization. For more information, see "Permission levels for an organization".
|Repository action||Read permissions||Write permissions||Admin permissions||Owner permissions|
|Pull (read), push (write), and clone (copy) all repositories in the organization||X|
|Promote organization members to team maintainer||X|
|Convert organization members to outside collaborators||X|
|Create repositories (see "Restricting repository creation in your organization" for details)||X||X||X||X|
|Edit a repository's description||X||X|
|Delete repositories (see "Deleting and transferring repositories" for details)||X||X|
|Transfer repositories into the organization account (see "Restricting repository creation in your organization" for details)||X||X|
|Transfer repositories out of the organization account (see "Deleting and transferring repositories" for details)||X||X|
|Change a repository's settings (see "Changing repository settings" for details)||X||X|
|Change a repository's visibility (see "Restricting repository visibility changes in your organization" for details)||X||X|
|Add a repository to a team (see "Adding a repository to a team" for details)||X||X|
|Add outside collaborators to a repository (see "Adding outside collaborators to repositories in your organization" for details)||X||X|
|Remove outside collaborators from a repository||X||X|
|Pull from (read) the team's assigned repositories||X||X||X||X|
|Push to (write) the team's assigned repositories||X||X||X|
|Fork (copy) the team's assigned repositories||X||X||X||X|
|Send pull requests from forks of the team's assigned repositories||X||X||X||X|
|Open, merge and close pull requests||X||X||X|
|Merge pull requests on protected branches, even if there are no approving reviews||X||X|
|Submit reviews on pull requests||X||X||X||X|
|Submit reviews that affect a pull request's mergeability||X||X||X|
|Request pull request reviews||X||X||X|
|Close, reopen, and assign issues||X||X||X|
|Close issues they opened themselves||X||X||X||X|
|Reopen issues they closed themselves||X||X||X||X|
|Apply labels and milestones||X||X||X|
|Have an issue assigned to them||X||X||X||X|
|Create and edit releases||X||X||X|
|View draft releases||X||X||X|
|View published releases||X||X||X||X|
|Edit and delete their own comments on commits, pull requests, and issues||X||X||X||X|
|Edit and delete anyone's comments on commits, pull requests, and issues||X||X||X|
|Hide anyone's comments on commits, pull requests, and issues (see "Managing disruptive comments" for details)||X||X||X|
|Define code owners for a repository||X||X|
|Act as a designated code owner for a repository||X||X||X|
|Allow or disable forks for a specific private repository||X||X|
Changing repository settings
Repository settings include:
- Adding, removing, and editing collaborator access
- Editing the repository's default branch
- Adding, removing, and editing webhooks and service hooks
- Adding deploy keys
- Changing repository visibility
Warning: When someone adds a deploy key to a repository, any user who has the private key can read from or write to the repository (depending on the key settings), even if they're later removed from the organization.
Adding a repository to a team
Organization owners can add any repository to any team in the organization. Organization members with admin access to a repository can add that repository to any other team they belong to.
An organization owner can promote any member of the organization to team maintainer for one or more teams. Members with team maintainer permissions can:
- Change the team's name and description
- Change the team's visibility
- Request to add a child team
- Request to add or change a parent team
- Set the team profile picture
- Edit team discussions
- Delete team discussions
- Add organization members to the team
- Remove organization members from the team
- Promote an existing team member to team maintainer
- Remove the team's access to repositories
- Reinstate a former organization member
For more information, see "Giving team maintainer permissions to an organization member."
Repository collaborators can include organization members or outside collaborators. An outside collaborator is a person who has access to one or more organization repositories but is not explicitly a member of the organization, such as a consultant or temporary employee. For more information, see:
- "Adding outside collaborators to repositories in your organization"
- "Converting an organization member to an outside collaborator"
- "Removing an outside collaborator from an organization repository"
Deleting and transferring repositories
By default, only organization members with admin privileges to a repository can delete the repository or transfer it out of the organization. If you choose, you can restrict repository deletion and outgoing transfer permissions to organization owners only.
In the top right corner of GitHub Enterprise, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
Under your organization name, click Settings.
In the left sidebar, click Member privileges.
Under "Repository deletion", deselect Allow members to delete or transfer repositories for this organization.