Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made up of one or more fine-grained permissions, such as “read audit logs” or “manage repository rulesets”, and apply to the organization itself rather than the repository. This feature is available in all Enterprise Cloud organizations and will come to GitHub Enterprise Server by version 3.13.

A screenshot of the role creation page, with a new role called "Auditor" that grants access to just the audit log permission.

Today, organization custom roles supports 10 permissions:

Roles can be assigned by an organization owner only, to prevent accidental escalation of privileges, and can be assigned to users and teams. Multiple organization roles can be assigned directly to a user or team. Users and teams inherit roles from the teams they are a part of.

A screenshot showing a user that's assigned to two different roles.

More organization permissions will be built over time, similar to how repository permissions were added as well. If you have a specific permission you’d like to see added please get in touch with your account team or let us know in the discussion below. Everything you can see in the organization settings menu is an option, and we’ll be working with teams across GitHub to get those permissions created.

To learn more about custom organization roles, see “About custom organization roles“, and for the REST APIs to manage and assign these roles programmatically see “Organization roles“. For feedback and suggestions for organization permissions, please join the discussion within GitHub Community.