You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/admin/concepts/enterprise-fundamentals/roles-in-an-enterprise.md
+16-21Lines changed: 16 additions & 21 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,8 +2,7 @@
2
2
title: Roles in an enterprise
3
3
intro: 'Learn how roles allow you to control people''s access to your enterprise''s settings and resources.'
4
4
versions:
5
-
ghec: '*'
6
-
ghes: '*'
5
+
feature: enterprise-custom-roles
7
6
shortTitle: Roles
8
7
topics:
9
8
- Enterprise
@@ -15,34 +14,30 @@ contentType: concepts
15
14
16
15
## What are roles?
17
16
18
-
A role is a **set of permissions** that you can assign to individuals or teams. A permission is the ability to perform a specific action, such as changing billing settings.
19
-
20
-
A user in an enterprise has a role for both the enterprise account itself and for each individual organization in the enterprise.
17
+
Roles allow you to delegate administrative duties and manage access securely at every level of your enterprise.
21
18
22
-
* The enterprise-level role defines the user's access to enterprise settings, and to internal repositories across the enterprise.
23
-
* Organization-level roles define the user's access to organization settings and repositories in that organization.
19
+
A role is a **set of permissions** that you can assign to individuals or teams. A permission is the ability to perform a specific action, such as changing billing settings.
24
20
25
-
## Predefined and custom roles for organizations
21
+
A user in an enterprise has roles for both the enterprise account and organizations where they have access.
26
22
27
-
Organization roles can be **predefined** or **custom**.
23
+
* The enterprise-level roles define the user's access to enterprise settings.
24
+
* Organization-level roles define the user's access to organization settings and repositories in an organization.
28
25
29
-
* Predefined roles, such as organization owner or billing manager, grant blanket permissions to users or teams. They may contain more permissions than someone needs to do their job.
30
-
* Custom roles include fine-grained permissions for organization settings and repository access. They allow you to follow the principle of least privilege by giving teams just the access they need to do their jobs. For example, you could allow a team to view your audit logs without allowing them to change policies.
26
+
## Predefined and custom roles
31
27
32
-
We recommend using custom roles wherever possible. However, if a predefined role meets your needs, this is the quickest way to grant permissions.
28
+
Organization and enterprise roles can be **predefined** or **custom**. Enterprise custom roles are in {% data variables.release-phases.public_preview %}.
33
29
34
-
## Who can assign roles?
30
+
* Predefined roles, such as enterprise owner, organization owner, or billing manager, are available for all accounts. They grant a predefined set of permissions to users or teams and may contain more permissions than someone needs to do their job.
31
+
* Custom roles include your choice of fine-grained permissions. They can include access to account settings and (for organization custom roles) repository access, allowing you to provide teams with just the access they need to do their jobs. For example, you could allow a team to view your enterprise's audit logs without allowing them to change any settings.
35
32
36
-
Enterprise roles are assigned when a user is invited to the enterprise (personal accounts) or provisioned from an identity provider.{% ifversion ent-owner-custom-org-roles %} Enterprise owners can also create custom organization roles to be used across organizations, but these roles can only be assigned by organization administrators.{% endif %}
33
+
To follow the principle of least privilege access, we recommend using customroles if they allow for the permissions you require. However, not all capabilities of predefined roles can currently be replicated in custom roles.
37
34
38
-
Organization administrators can grant organization roles and create custom organization roles, but can't affect roles at the enterprise level.
35
+
## Who manages roles?
39
36
40
-
## Further reading
37
+
Enterprise owners can create custom enterprise roles and assign enterprise roles to users and teams. They can also create custom organization roles to be used across organizations, but these roles can only be assigned by organization owners.
41
38
42
-
Review the predefined roles and fine-grained permissions available with custom organization roles, and plan out what roles will be required for your teams to do their jobs on {% data variables.product.github %}.
39
+
Organization owners can grant organization roles and create custom organization roles, but cannot edit roles or change role assignments that are defined at the enterprise level.
To ensure continued access, we recommend giving the enterprise owner role to at least two people, and the organization owner role to at least two people per organization. However, you should grant most teams only the minimum level of access they require.
43
+
Now that you understand roles, plan which roles will be required for your teams to do their jobs on {% data variables.product.github %}. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/identify-role-requirements).
Copy file name to clipboardExpand all lines: content/admin/concepts/enterprise-fundamentals/teams-in-an-enterprise.md
+18-10Lines changed: 18 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Teams in an enterprise
3
3
intro: 'Learn how teams simplify administration of user access, licensing, and communication.'
4
4
versions:
5
-
ghec: '*'
5
+
feature: enterprise-teams
6
6
shortTitle: Teams
7
7
topics:
8
8
- Enterprise
@@ -16,10 +16,11 @@ contentType: concepts
16
16
17
17
Teams are **groups of users** in an enterprise or organization. By creating teams, you can manage users at scale and simplify access, licensing, and communication. For example, you could create an auditor team for users who need access to audit logs, or a {% data variables.product.prodname_copilot_short %} team for users who receive {% data variables.product.prodname_copilot_short %} licenses.
18
18
19
-
Administrators can create teams in an enterprise account or in organizations within an enterprise.
19
+
**Enterprise teams** are managed at the enterprise level and can include users from across the enterprise and its organizations. With enterprise teams, you can centralize administration and manage organization access, roles, and licensing at scale.
20
20
21
-
***Enterprise teams** are managed by enterprise owners and can include users from across the enterprise and its organizations. Currently, enterprise teams are used to manage {% data variables.product.prodname_copilot %} licenses for directly assigned users. {% data variables.product.company_short %} plans to expand the capabilities in the near future to include organization and role assignment.
22
-
***Organization teams** are managed by organization administrators and can only include members of a single organization. Organization administrators can grant teams access to organization repositories, and organization members can mention teams in issues and discussions or add them as reviewers on pull requests.
21
+
**Organization teams** are managed at the organization level and can only include members of a single organization. There are certain features of organization teams that are not currently supported for enterprise teams, such as CODEOWNER status.
22
+
23
+
>[!NOTE] Enterprise teams are in public preview and subject to change.
23
24
24
25
## Can I manage teams from an identity provider?
25
26
@@ -41,22 +42,29 @@ Team sync with personal accounts is only available with organization teams, and
41
42
42
43
## What kind of team should I use?
43
44
44
-
To simplify administration at scale, {% data variables.product.company_short %} recommends using enterprise teams wherever possible. However, you may need to create organization teams if the functionality you need is not covered by enterprise teams. {% data variables.product.company_short %} plans to address some of these limitations in the near future.
45
+
To simplify administration at scale, {% data variables.product.company_short %} recommends using enterprise teams for any use cases that apply to the enterprise account or to multiple organizations. Organization teams are useful when the need for the team is scoped to a single organization and the team can be managed by an organization administrator.
46
+
47
+
You may need to create organization teams if the functionality you need is not covered by enterprise teams. {% data variables.product.company_short %} plans to address some limitations in the near future.
45
48
46
-
Unlike organization teams, enterprise teams currently do **not** support:
49
+
{% data reusables.enterprise.enterprise-teams-can %}
50
+
51
+
However, unlike organization teams, enterprise teams currently do **not** support:
47
52
48
-
* Repository or organization access
49
53
*`@-mentions` of the team name in organizations
54
+
* Review requests of the team in pull requests
55
+
* Adding the team to a project board
50
56
* Team sync if you use {% data variables.product.prodname_ghe_cloud %} with personal accounts
51
57
* CODEOWNER status
52
58
* Secret teams
53
59
* Nested teams
54
60
* Team maintainers
55
61
56
-
In addition, enterpriseteams are currently limited to 50 teams for a single enterprise and 500 users to each team.
62
+
{% data reusables.enterprise.enterprise-teams-limits %}
57
63
58
64
For more information about the capabilities of organization teams, see [AUTOTITLE](/organizations/organizing-members-into-teams/about-teams).
59
65
60
-
## Further reading
66
+
## Next steps
67
+
68
+
If your needs are covered by enterprise teams, create a team. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/create-enterprise-teams).
If you need to create an organization team, an organization owner must do this from the organization settings. See [AUTOTITLE](/organizations/organizing-members-into-teams/creating-a-team).
Copy file name to clipboardExpand all lines: content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/custom-organization-roles.md
intro: 'You can use organizations to group users within your company, such as divisions or groups working on similar projects, and manage access to repositories.'
16
+
intro: You can use organizations to group users within your company, such as divisions or groups working on similar projects, and manage access to repositories.
0 commit comments