Enterprise Level
At the enterprise level, which CIT Cloud Services runs:
- Owners have the ultimate power over the entire enterprise account and can take every action
- Billing managers can manage the enterprise account’s billing settings
- Members and outside collaborators of organizations belonging to your enterprise account are automatically members of the enterprise account, but have no access to the enterprise account itself or its settings. Members are enabled to create private and internal repositories.
Organization Level
At the organization level, which your institute, program, or team runs:
- Owners have complete administrative access to the organization
- Member is the default role for everyone else; members should be organized using teams for repository access
Repository Level
At the repository level:
- Admin: Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository
- Maintain: Recommended for project managers who need to manage the repository without access to sensitive or destructive actions
- Write: Recommended for contributors who actively push to your project
- Triage: Recommended for contributors who need to proactively manage issues and pull requests without write access
- Read: Recommended for non-code contributors who want to view or discuss your project
For a more granular breakdown of each level’s ability to perform specific actions see the table Repository access for each permission level on docs.github.com.
Teams
Teams are groups of organization members that reflect the structure of your organization.
- Teams can nest other teams within them to further reflect the structure’s hierarchy and offer cascading access permissions from the parent team to the child teams
- Permissions for teams is given by organization owners and team maintainers
- Teams can be visible or secret
- Visible teams can be viewed and
@mentioned
by every organization member - Secret teams are visible to the people on the team and those with owner permissions
- Secret teams are great for hiding teams with sensitive names or members
- Secret teams cannot be nested or have child teams
- Visible teams can be viewed and
Repository Visibility
For enterprise accounts, repositories can be public, private, or internal. Your enterprise account is set so enterprise members can create private and internal repositories. Public repositories can only be created by enterprise or organization owners.
- Public: These repositories are accessible to everyone on the internet
- Private: Private repositories are only accessible to people with whom access is explicitly shared and certain organization members
- Internal: All enterprise members have read permissions to the internal repository
- Internal repositories are not visible to people outside of the enterprise account, including outside collaborators on organization repositories
- Internal repositories are great for practicing InnerSource within your enterprise account. Members of the enterprise can collaborate using open source methodologies without sharing information publicly.