About roles in an enterprise
All users that are part of your enterprise have one of the following roles.
- Enterprise owner: Can manage all enterprise settings, members, and policies
- Enterprise member: Is a member or owner of any organization in the enterprise
People with collaborator access to repositories are listed in your enterprise's "People" tab, but are not enterprise members and do not have access to the enterprise. See Roles in an organization.
How do I assign roles?
When a user has joined your GitHub Enterprise Server instance, you can:
- Add the user to an organization. See Adding people to your organization.
- Invite the user to become an enterprise owner. See Inviting people to manage your enterprise.
If you provision users with SCIM, you assign each user's enterprise role on your identity provider (IdP). The role cannot be changed on GitHub.
Enterprise owners
Enterprise owners have complete control over the enterprise and can take every action, including:
- Managing administrators
- Managing organizations
- Managing enterprise settings
- Enforcing policy across organizations
For security, we recommend making only a few people enterprise owners.
Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See Managing your role in an organization owned by your enterprise.
Enterprise members
Members of organizations owned by your enterprise are automatically members of the enterprise.
Enterprise members:
- Cannot access or configure enterprise settings.
- Can access all repositories with "internal" visibility across any organization in the enterprise. See About repositories.
- May have different levels of access to various organizations and repositories. To view the resources someone has access to, see Viewing people in your enterprise.
Custom organization roles
With GitHub Enterprise Cloud and starting from GitHub Enterprise Server 3.19, enterprise owners can create custom organization roles for use in all of the enterprise's organizations. This allows centralized management of common roles such as "Developer" or "SRE team". Only enterprise owners can create or edit these roles, and any organization owner or user with the "Manage organization roles" permission can assign them in an organization.
When creating an organization role, enterprise owners can use the same organization and repository permissions and base roles as organization owners—there is no difference in how these roles function or what they can allow.
- In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings.
- At the top of the page, click People.
- Select the "Organization Roles" section in the left-hand menu.
- Create a new role using the "Create custom role" button, or edit an existing role using the ellipsis menu (...).
See About custom organization roles for more information about creating and assigning custom organization roles.
At this time, an enterprise can create up to 20 custom organization roles. This limit applies only to roles created at the enterprise level; each organization can also create up to 20 custom organization roles.