About roles in an enterprise
All users that are part of your enterprise have one of the following roles.
- Enterprise owner: Can manage all enterprise settings, members, and policies
- Billing manager: Can manage enterprise billing settings
- Enterprise member: Is a member or owner of any organization in the enterprise
- Guest collaborator: Can be granted access to repositories or organizations, but has limited access by default (Enterprise Managed Users only)
- Unaffiliated user: Has been added to the enterprise but isn't a member of any organizations
For information about which users consume a license, see Personnes qui consomment une licence dans une organisation.
People with collaborator access to repositories are listed in your enterprise's "People" tab, but are not enterprise members and do not have access to the enterprise. See Rôles dans une organisation.
Enterprise owners
Enterprise owners have complete control over the enterprise and can take every action, including:
- Managing administrators
- Adding and removing organizations
- Removing enterprise members from all organizations
- Managing enterprise settings
- Enforcing policy across organizations
- Managing billing settings
For security, we recommend making only a few people enterprise owners.
Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See Gestion de votre rôle dans une organisation appartenant à votre entreprise.
Billing managers
Billing managers only have access to your enterprise's billing settings. They can view and manage:
- User licenses
- Usage-based billing
- Other billing settings
Billing managers do not have access to organization settings or content by default except for internal repositories within an enterprise in which they are a member.
Enterprise members
Members of organizations owned by your enterprise are automatically members of the enterprise.
Enterprise members:
- Cannot access or configure enterprise settings.
- Can access all repositories with "internal" visibility across any organization in the enterprise. See À propos des dépôts.
- May have different levels of access to various organizations and repositories. To view the resources someone has access to, see Visualisation des personnes dans votre entreprise.
Guest collaborators
Remarque
Le rôle de collaborateur invité est disponible uniquement avec Enterprise Managed Users.
Vous pouvez utiliser le rôle de collaborateur invité pour accorder un accès limité aux fournisseurs et aux prestataires. Les collaborateurs invités :
- Sont provisionnés par votre IdP, comme tous les comptes d’utilisateur managés.
- Peuvent être ajoutés en tant que membres de l’organisation ou en tant que collaborateurs dans les référentiels.
- Ne peuvent pas accéder aux référentiels internes de l’entreprise, sauf dans les organisations où ils sont ajoutés en tant que membres.
You may need to update your IdP application to use guest collaborators. See Activation des collaborateurs invités.
Unaffiliated users
Unaffiliated users are people who have been added to your enterprise but aren't members of any organizations. These users:
- Do not consume a standard GitHub Enterprise license.
- Cannot access private or internal repositories.
- Can be added as members of organizations or enterprise teams.
- Can receive a Copilot license directly from your enterprise.
You can add unaffiliated users from your identity provider (for Enterprise Managed Users) or by inviting users at the enterprise level (for personal accounts). For personal accounts, see Inviter directement des utilisateurs dans votre entreprise.
Next steps
When you have decided which roles your users require, assign the roles to them. See Assigning roles to users in an enterprise.