You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/code-security/getting-started/securing-your-organization.md
+1-5Lines changed: 1 addition & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,11 +22,7 @@ Some security features are only available {% ifversion fpt %}for public reposito
22
22
23
23
## Managing access to your organization
24
24
25
-
You can use roles to control what actions people can take in your organization. For more information, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
26
-
27
-
{% ifversion fpt or ghes > 3.2 or ghae-issue-4999 %}
28
-
You can assign the security manager role to security teams in your organization to give them security management permissions exclusively, without extra permissions that they do not require. For more information, see "[Managing the security manager role in your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-the-security-manager-role-in-your-organization)."
29
-
{% endif %}
25
+
You can use roles to control what actions people can take in your organization. {% if security-managers %}For example, you can assign the security manager role to a team to give them the ability to manage security settings across your organization, as well as read access to all repositories.{% endif %} For more information, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
Copy file name to clipboardExpand all lines: content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
+8-16Lines changed: 8 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,40 +1,33 @@
1
1
---
2
-
title: Managing the security manager role in your organization
2
+
title: Managing security managers in your organization
3
3
intro: 'You can give your security team the least access they need to your organization by assigning a team to the security manager role.'
4
4
versions:
5
-
fpt: '*'
6
-
ghes: '>=3.3'
7
-
ghae: 'issue-4999'
5
+
feature: 'security-managers'
8
6
topics:
9
7
- Organizations
10
8
- Teams
11
9
shortTitle: Security manager role
12
10
permissions: Organization owners can assign the security manager role.
13
11
---
14
12
15
-
{% note %}
13
+
{% data reusables.organizations.security-manager-beta-note %}
16
14
17
-
**Note:** The security manager role is in public beta and subject to change.
18
-
19
-
{% endnote %}
20
-
21
-
Organization owners can grant a team the permissions they need to manage security alerts and settings across your organization, as well as read access on all organization repositories, by assigning the security manager role.
15
+
{% data reusables.organizations.about-security-managers %}
22
16
23
17
## Permissions for the security manager role
24
18
25
19
Members of a team with the security manager role have only the permissions required to effectively manage security for the organization.
26
20
27
-
- Read access on all repositories in the organization, in addition to any existing repository access
21
+
- Read access on all repositories in the organization, in addition to any existing repository access
28
22
- Write access on all security alerts in the organization
29
23
- Access to the organization's security overview
30
24
- The ability to configure security settings at the organization level, including the ability to enable or disable {% data variables.product.prodname_GH_advanced_security %}
31
25
- The ability to configure security settings at the repository level, including the ability to enable or disable {% data variables.product.prodname_GH_advanced_security %}
32
26
33
-
While a team will be granted read permission on all organization repositories upon being added as security managers, any existing repository permissions that the team had will stay the same. If a team has the security manager role, only organization owners will be able to change team access to repositories in the **Repositories** tab.
27
+
If a team has the security manager role, only organization owners can change the team's access to individual repositories. People with admin access to a repository can see the team's access in the repository's settings but cannot remove or change the access. For more information, see "[Managing team access to an organization repository](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)" and "[Managing teams and people with access to your repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)."
34
28
35
-
Repository owners will be able to see if a security manager team has access to their repository in the **Manage access** tab in their repository settings. Under **Manage direct access**, any security manager teams will appear as **Managed by organization owners** and their permissions cannot be removed or edited by the repository owner.
29
+
36
30
37
-
38
31
## Assigning the security manager role to a team in your organization
39
32
40
33
{% data reusables.profile.access_org %}
@@ -44,12 +37,11 @@ Repository owners will be able to see if a security manager team has access to t
## Removing the security manager role from a team in your organization
46
39
47
-
48
40
{% warning %}
49
41
50
42
**Warning:** Removing the security manager role from a team will remove the team's ability to manage security alerts and settings across the organization, but the team will retain read access to repositories that was granted when the role was assigned. You must remove any unwanted read access manually. For more information, see "[Managing team access to an organization repository](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository#removing-a-teams-access-to-a-repository)."
Copy file name to clipboardExpand all lines: content/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization.md
+14-14Lines changed: 14 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,36 +18,35 @@ shortTitle: Roles in an organization
18
18
## About roles
19
19
{% data reusables.organizations.about-roles %}
20
20
21
-
You can give organization members, outside collaborators and teams of people varying levels of access to repositories by assigning repository roles. For more information, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
21
+
Repository-level roles give organization members, outside collaborators and teams of people varying levels of access to repositories. For more information, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
22
22
23
23
Team-level roles are roles that give permissions to manage a team. You can give any individual member of a team the team maintainer role, which gives the member a number of administrative permissions over a team. For more information, see "[Giving "team maintainer" permissions to an organization member](/organizations/managing-peoples-access-to-your-organization-with-roles/giving-team-maintainer-permissions-to-an-organization-member)."
24
24
25
-
Organization-level roles are different sets of permissions that can be assigned to individuals or teams to manage an organization and the repositories, teams and settings within it. For more information on each organization-level role, see [Roles for an organization](#roles-for-an-organization).
25
+
Organization-level roles are sets of permissions that can be assigned to individuals or teams to manage an organization and the organization's repositories, teams, and settings. For more information about all the roles available at the organization level, see "[About organization roles](#about-organization-roles)."
26
+
27
+
## About organization roles
28
+
29
+
You can assign individuals or teams to a variety of organization-level roles to control your members' access to your organization and its resources. For more details about the individual permissions included in each role, see "[Permissions for organization roles](#permissions-for-organization-roles)."
26
30
27
-
## Roles for an organization
28
31
### Organization owners
29
32
Organization owners have complete administrative access to your organization. This role should be limited, but to no less than two people, in your organization. For more information, see "[Maintaining ownership continuity for your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization)."
30
33
31
34
### Organization members
32
-
The default, non-administrative role for people in an organization is the organization member. Organization members have a number of permissions, including being able to create repositories and project boards.
35
+
The default, non-administrative role for people in an organization is the organization member. By default, organization members have a number of permissions, including the ability to create repositories and project boards.
33
36
34
37
{% ifversion fpt %}
35
38
### Billing managers
36
39
Billing managers are users who can manage the billing settings for your organization, such as payment information. This is a useful option if members of your organization don't usually have access to billing resources. For more information, see "[Adding a billing manager to your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/adding-a-billing-manager-to-your-organization)."
37
40
{% endif %}
38
41
39
-
{% ifversion fpt or ghes > 3.2 or ghae-issue-4999 %}
42
+
{% if security-managers %}
40
43
### Security managers
41
44
42
-
{% note %}
43
-
44
-
**Note:** The security manager role is in public beta and subject to change.
45
-
46
-
{% endnote %}
45
+
{% data reusables.organizations.security-manager-beta-note %}
47
46
48
-
Security manager is an organization-level role that can be assigned to any team in an organization. When applied, it gives every member of the team permissions to manage security alerts and settings across your organization, as well as read permissions for all repositories in the organization.
47
+
{% data reusables.organizations.about-security-managers %}
49
48
50
-
If your organization has a security team, you can use the security manager role to give members of that team the permissions they need to do their job without any extra permissions they do not require. For more information, see "[Managing the security manager role in your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-the-security-manager-role-in-your-organization)."
49
+
If your organization has a security team, you can use the security manager role to give members of the team the least access they need to the organization. For more information, see "[Managing security managers in your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)."
51
50
{% endif %}
52
51
### {% data variables.product.prodname_github_app %} managers
53
52
By default, only organization owners can manage the settings of {% data variables.product.prodname_github_apps %} owned by an organization. To allow additional users to manage {% data variables.product.prodname_github_apps %} owned by an organization, an owner can grant them {% data variables.product.prodname_github_app %} manager permissions.
@@ -128,8 +127,9 @@ Some of the features listed below are limited to organizations using {% data var
128
127
| Enable team synchronization (see "[Managing team synchronization for your organization](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)" for details) |**X**||||
129
128
130
129
{% elsif ghes > 3.2 or ghae-issue-4999 %}
130
+
<!--GHES 3.3+ and eventual GHAE release don't have the extra column for Billing managers, but have security managers-->
131
131
132
-
| Organization action test | Owners | Members | Security managers |
Security manager is an organization-level role that organization owners can assign to any team in an organization. When applied, it gives every member of the team permissions to manage security alerts and settings across your organization, as well as read permissions for all repositories in the organization.
0 commit comments