Note
The security manager role is in beta and subject to change.
Security manager is an organization-level role that organization owners can assign to any team in an organization. When applied, it gives every member of the team permission to view security alerts and manage settings for code security across your organization, as well as read permission for all repositories in the organization.
Permissions for the security manager role
Organization members in a team assigned the security manager role have only the permissions required to effectively manage code security for the organization.
- Read access on all repositories in the organization, in addition to any existing repository access
- Write access on all security alerts in the organization
- Access to view and configure all repositories in the organization's security overview
- The ability to configure code security settings at the organization level, including the ability to enable or disable GitHub Advanced Security
- The ability to configure code security settings at the repository level, including the ability to enable or disable GitHub Advanced Security
If a team has the security manager role, people with admin access to the team and a specific repository can change the team's level of access to that repository but cannot remove the access. For more information, see "Managing team access to an organization repository" and "Managing teams and people with access to your repository."
Assigning the security manager role to a team in your organization
You can assign the security manager role to a maximum of 10 teams in your organization.
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations**.
-
Next to the organization, click Settings.
-
In the "Security" section of the sidebar, click Code security then Global settings.
-
In the "Security managers" section, in the search field, search for and select the team to give the role. Each team you select will appear in a list below the search bar.
Removing the security manager role from a team in your organization
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations**.
-
Next to the organization, click Settings.
-
In the "Security" section of the sidebar, click Code security then Global settings.
-
Under Security managers, next to the team you want to remove as security managers, click .