About roles in an enterprise
GitHub offers a range of predefined and custom roles for access to enterprise settings and resources.
| Role | Description |
|---|---|
| Enterprise owner | Can manage all enterprise settings, members, and policies. |
| Billing manager | Can manage enterprise billing settings. |
| App manager | Can manage GitHub App registrations that are owned by the enterprise. |
| Security manager | Can view security results and manage security settings for the enterprise (공개 미리 보기). |
| User | A regular enterprise member with no administrative access. Includes organization members and unaffiliated users. |
| Guest collaborator | Can be granted access to repositories or organizations, but has limited access by default (Enterprise Managed Users only). |
| Custom roles | Define your own set of permissions for access to enterprise settings. |
People with collaborator access to repositories are listed in your enterprise's "People" tab, but are not enterprise members and do not have access to the enterprise. See 조직의 역할.
Enterprise owners
Enterprise owners have complete control over the enterprise and can take every action, including:
- Managing administrators
- Adding and removing organizations
- Removing enterprise members from all organizations
- Managing enterprise settings
- Enforcing policy across organizations
- Managing billing settings
- Managing security settings
Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See 엔터프라이즈가 소유한 조직 내 역할 관리.
Billing managers
Billing managers only have access to your enterprise's billing settings. They can view and manage:
- User licenses
- Usage-based billing
- Other billing settings
Billing managers do not have access to organization settings or content by default except for internal repositories within an enterprise in which they are a member.
App managers
GitHub App managers:
- Can view, create, edit, and delete GitHub App registrations that are owned by the enterprise. For the specific app settings that GitHub App managers can control, see GitHub 앱 등록 수정.
- Cannot install and uninstall GitHub Apps on an enterprise or organization.
App managers can also be assigned to individual apps. See Adding and removing GitHub App managers in your enterprise.
Security managers
참고 항목
The enterprise security manager role is in 공개 미리 보기 and subject to change.
Security managers have the permissions required to effectively manage use of security features and alerts for the enterprise. They can view, manage, and assign:
- Security configurations at the enterprise and organization level
- Use of GitHub Secret Protection and GitHub Code Security at the enterprise and organization level
- Security alerts and dashboards for all repositories in organizations in the enterprise
- Security campaigns for organizations
- Repository settings for security features
In addition, they have read access for code in all repositories and write access for all security alerts in the enterprise.
Users
Users have no administrative access to the enterprise by default. They cannot access or configure enterprise settings, unless you assign them a custom role that grants this access.
Organization members
If a user is a member or owner of any organization, they are listed as an organization member on your enterprise's "People" page. In addition to their access to organizations where they are members, these users can access all repositories with "internal" visibility in any organization in the enterprise. See 리포지토리 정보.
Unaffiliated users
If a user is not a member of any organization, they are listed as an unaffiliated user. These users:
- Do not consume a GitHub Enterprise license.
- Cannot access private or internal repositories.
- Can be added as members of enterprise teams.
- Can receive a Copilot license directly from your enterprise.
Guest collaborators
참고 항목
게스트 협력자 역할은 Enterprise Managed Users에서만 사용할 수 있습니다.
게스트 협력자 역할을 사용하여 공급업체 및 계약자에게 제한된 액세스 권한을 부여할 수 있습니다. 게스트 협력자의 권한:
- 모든 관리형 사용자 계정과 마찬가지로 IdP에 의해 프로비전됩니다.
- 리포지토리에 조직 구성원 또는 협력자로 추가될 수 있습니다.
- 구성원으로 추가된 조직을 제외하고 엔터프라이즈의 내부 리포지토리에는 액세스할 수 없습니다.
You may need to update your IdP application to use guest collaborators. See 게스트 협력자 사용.
Custom roles
With custom roles, you can define your own sets of permissions. This allows you to delegate administrative duties securely or grant extra privileges to help non-administrators be productive.
To create a custom enterprise role, see Creating custom roles in an enterprise.
Next steps
When you have decided which roles your users require, assign the roles to them. See Assigning roles to people in an enterprise.