diff --git a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md index f5b3f17ed32d..bedf9adaa84a 100644 --- a/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates.md @@ -30,6 +30,8 @@ topics: {% data variables.product.prodname_dependabot_security_updates %} make it easier for you to fix vulnerable dependencies in your repository. You typically add a `dependabot.yml` file to your repository to enable {% data variables.product.prodname_dependabot_security_updates %}. You then configure options in this file to tell {% data variables.product.prodname_dependabot %} how to maintain your repository. +{% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %} + If you enable {% data variables.product.prodname_dependabot_security_updates %}, when a {% data variables.product.prodname_dependabot %} alert is raised for a vulnerable dependency in the dependency graph of your repository, {% data variables.product.prodname_dependabot %} automatically tries to fix it. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." > [!NOTE] diff --git a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md index a15aed26a83a..ade2ad779c1b 100644 --- a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md @@ -30,6 +30,8 @@ shortTitle: Dependabot version updates {% data variables.product.prodname_dependabot %} takes the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. +{% data reusables.dependabot.dependabot-updates-supported-repos-ecosystems %} + You enable {% data variables.product.prodname_dependabot_version_updates %} by checking a `dependabot.yml` configuration file into your repository. The configuration file specifies the location of the manifest, or of other package definition files, stored in your repository. {% data variables.product.prodname_dependabot %} uses this information to check for outdated packages and applications. {% data variables.product.prodname_dependabot %} determines if there is a new version of a dependency by looking at the semantic versioning ([semver](https://semver.org/)) of the dependency to decide whether it should update to that version. For certain package managers, {% data variables.product.prodname_dependabot_version_updates %} also supports vendoring. Vendored (or cached) dependencies are dependencies that are checked in to a specific directory in a repository rather than referenced in a manifest. Vendored dependencies are available at build time even if package servers are unavailable. {% data variables.product.prodname_dependabot_version_updates %} can be configured to check vendored dependencies for new versions and update them if necessary. When {% data variables.product.prodname_dependabot %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. For vendored dependencies, {% data variables.product.prodname_dependabot %} raises a pull request to replace the outdated dependency with the new version directly. You check that your tests pass, review the changelog and release notes included in the pull request summary, and then merge it. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." @@ -56,33 +58,6 @@ If you've enabled security updates, you'll sometimes see extra pull requests for {% data reusables.dependabot.version-updates-skip-scheduled-runs %} -## Supported repositories and ecosystems - - -You can configure version updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see [`vendor`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#vendor). -{% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see [`registries`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#registries). -{% ifversion ghes %} - -{% note %} - -**Note**: To ensure that {% data variables.product.product_name %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %} - -{% endnote %} - -{% endif %} - -{% note %} - -**Note**: {% data reusables.dependabot.private-dependencies-note %} - -{% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below. - -{% endnote %} - -{% data reusables.dependabot.supported-package-managers %} - -If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-integrations)."{% endif %} - {% ifversion dependabot-updates-paused %} ## About automatic deactivation of {% data variables.product.prodname_dependabot_updates %} diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index c03f93532ec0..183303fe9ece 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -33,7 +33,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c By default only direct dependencies that are explicitly defined in a manifest are kept up to date by {% data variables.product.prodname_dependabot_version_updates %}. You can choose to receive updates for indirect dependencies defined in lock files. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow)." -{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)" and "[AUTOTITLE](/get-started/learning-about-github/github-language-support)." +{% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)" and "[AUTOTITLE](/get-started/learning-about-github/github-language-support)." ## Enabling {% data variables.product.prodname_dependabot_version_updates %} diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md new file mode 100644 index 000000000000..fa4bb2803ee2 --- /dev/null +++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/index.md @@ -0,0 +1,18 @@ +--- +title: Ecosystems supported by Dependabot +intro: '{% data variables.product.prodname_dependabot %} supports a wide range of ecosystems to help keep your code secure' +allowTitleToDifferFromFilename: true +versions: + fpt: '*' + ghec: '*' + ghes: '*' +topics: + - Dependabot + - Dependencies + - Alerts + - Vulnerabilities + - Repositories +shortTitle: Dependabot ecosystems +children: + - /supported-ecosystems-and-repositories +--- diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md new file mode 100644 index 000000000000..e28484af7434 --- /dev/null +++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md @@ -0,0 +1,46 @@ +--- +title: Dependabot supported ecosystems and repositories +shortTitle: Dependabot ecosystem support # Max 31 characters +intro: '{% data variables.product.prodname_dependabot %} supports a variety of ecosystems and repositories' +allowTitleToDifferFromFilename: true +type: reference +topics: + - Dependabot + - Dependencies + - Alerts + - Vulnerabilities + - Repositories +versions: + fpt: '*' + ghec: '*' + ghes: '*' +--- + +## About {% data variables.product.prodname_dependabot %} + +{% data variables.product.prodname_dependabot %} helps you stay on top of your dependency ecosystems. With {% data variables.product.prodname_dependabot %}, you can keep the dependencies you rely on up-to-date, addressing any potential security issues in your supply chain. + +{% data reusables.dependabot.dependabot-overview %} + +For more information about {% data variables.product.prodname_dependabot %}, see "[AUTOTITLE](/code-security/getting-started/dependabot-quickstart-guide)." + +In this article, you can see what the supported ecosystems and repositories are. + +## Supported ecosystems and repositories + + +You can configure updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see [`vendor`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#vendor). +{% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see [`registries`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#registries). +{% ifversion ghes %} + +> [!NOTE] +> To ensure that {% data variables.product.product_name %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %} +{% endif %} + +> [!NOTE] +> * {% data reusables.dependabot.private-dependencies-note %} +> * {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below. + +If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-integrations)."{% endif %} + +{% data reusables.dependabot.supported-package-managers %} diff --git a/content/code-security/dependabot/index.md b/content/code-security/dependabot/index.md index 1adfda26479e..54b1d60dc439 100644 --- a/content/code-security/dependabot/index.md +++ b/content/code-security/dependabot/index.md @@ -14,6 +14,7 @@ topics: - Repositories - Dependencies children: + - /ecosystems-supported-by-dependabot - /dependabot-alerts - /dependabot-auto-triage-rules - /dependabot-security-updates diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index 89d679c61b46..8831d314224b 100644 --- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md +++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -170,7 +170,7 @@ Similarly, if {% data variables.product.prodname_dependabot %} can't access a pr To allow {% data variables.product.prodname_dependabot %} to update the dependency references successfully, make sure that all of the referenced dependencies are hosted at accessible locations. -**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." +**Version updates only.** {% data reusables.dependabot.private-dependencies-note %} Additionally, {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. For more information, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)." {% ifversion dependabot-version-updates-groups %} diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md index 77a82c60b386..f72a9141db7d 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md +++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md @@ -59,7 +59,7 @@ You can allow {% data variables.product.prodname_dependabot %} to use {% data va ### Granting {% data variables.product.prodname_dependabot %} access to private {% ifversion ghec or ghes %}and internal {% endif %}repositories -To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." +To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)." ## Configuring global {% data variables.product.prodname_code_scanning %} settings diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md index a90a41325e45..8a878d442c61 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md @@ -1,6 +1,6 @@ --- title: About custom organization roles -intro: "You can control access to your organization's settings with custom organization roles." +intro: "You can control access to your {% ifversion org-custom-role-with-repo-permissions %}organization and repository's{% else %} organization's{% endif %} settings with custom organization roles." versions: feature: 'custom-org-roles' topics: @@ -10,20 +10,28 @@ permissions: 'Organization owners and users with the "Manage custom organization product: 'Organizations on {% data variables.product.prodname_ghe_cloud %}{% ifversion ghes %} and {% data variables.product.prodname_ghe_server %}{% endif %}' --- -## About custom organization roles - {% data reusables.organizations.custom-org-roles-intro %} -You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)." +You can create and assign custom organization roles in your organization's settings. You can also manage custom roles using the REST API. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)." -Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below. +{% ifversion org-custom-role-with-repo-permissions %} + +You can also create a custom organization role that includes permissions for repositories. Repository permissions grant access to all current and future repositories in the organization. There are several ways to combine permissions for repositories and organizations. You can create a custom organization role with: + +You can create a role that includes permissions for organization settings, a base role for repository access, or both. If you add a base role for repository access, you can also include additional repository permissions. You can't create a role with repository permissions unless it includes a base repository role. Without repository permissions or a base repository role, the organization role doesn't grant access to any repositories. + +>[!NOTE] Adding repository permissions to a custom organization role is currently in public beta and subject to change. -To granularly control access to your organization's repositories, you can create a custom repository role. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles)." +{% endif %} -## Permissions for custom roles +To grant access to **specific** repositories in your organization, you can create a custom repository role. See "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles)." + +## Permissions for organization access When you include a permission in a custom organization role, any users with that role will have access to the corresponding settings via both the web browser and API. In the organization's settings in the browser, users will see only the pages for settings they can access. +Organization permissions do not grant read, write, or administrator access to any repositories. Some permissions may implicitly grant visibility of repository metadata, as marked in the table below. + {% rowheaders %} | Permission | Description | More information | @@ -56,3 +64,31 @@ Manage organization OAuth application policies | Access to the "OAuth applicatio | {% endif %} | {% endrowheaders %} + +{% ifversion org-custom-role-with-repo-permissions %} + +## Base roles for repository access + +The base repository role determines the initial set of permissions included in the custom role. Repository access is granted across **all** current and future repositories in the organization. + +The base repository roles are: + +* **Read**: Grants read access to all repositories in the organization. +* **Write**: Grants write access to all repositories in the organization. +* **Triage**: Grants triage access to all repositories in the organization. +* **Maintain**: Grants maintenance access to all repositories in the organization. +* **Admin**: Grants admin access to all repositories in the organization. + +## Additional permissions for repository access + +After choosing a base repository role, you can select additional permissions for your custom organization role. + +You can only choose an additional permission if it's not already included in the base repository role. For example, if the base role offers **Write** access to a repository, then the "Close a pull request" permission will already be included in the base role. + +{% data reusables.organizations.additional-permissions %} + +## Precedence for different levels of access + +{% data reusables.organizations.precedence-for-different-levels %} + +{% endif %} diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md index 8b5eb8c34a71..53adf95a2252 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/index.md @@ -14,9 +14,9 @@ topics: - Teams children: - /roles-in-an-organization + - /using-organization-roles - /about-custom-organization-roles - /managing-custom-organization-roles - - /using-organization-roles - /maintaining-ownership-continuity-for-your-organization - /adding-a-billing-manager-to-your-organization - /removing-a-billing-manager-from-your-organization diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md index 58d884bad354..10217b1e1dd8 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md @@ -2,7 +2,9 @@ title: Using organization roles intro: "Learn how to{% ifversion org-pre-defined-roles %} view organization role permissions and{% endif %} manage organization role assignments." versions: - feature: 'custom-org-roles' + fpt: '*' + ghec: '*' + ghes: '>=3.14' topics: - Organizations - Access management @@ -10,7 +12,7 @@ topics: - Permissions permissions: 'Organization owners{% ifversion ghec %} and users with the "Manage custom organization roles" permission{% endif %}' product: 'Organizations on {% data variables.product.prodname_free_team %}, {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %}' -shortTitle: Using organization roles +shortTitle: Use organization roles --- ## About organization roles diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md index b6626593849e..acbfe7611734 100644 --- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md +++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md @@ -30,7 +30,9 @@ You can also use the REST API to create and manage custom repository roles. For {% endif %} {% ifversion custom-org-roles %} -Custom repository roles manage access to repositories in your organization. To granularly control access to your organization's administration settings, you can use custom organization roles. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)." +Custom repository roles manage access to specific repositories in your organization. To {% ifversion org-custom-role-with-repo-permissions %}grant access to all repositories, and to {% endif %}control access to your organization's administration settings, you can use custom organization roles. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)." + +Custom organization roles differ from repository roles by granting permissions across **all** current and future repositories in the organization. Custom repository roles, however, allow you to grant permissions to **specific** repositories within the organization. {% endif %} ## About the inherited role @@ -62,79 +64,8 @@ After choosing an inherited role, you can select additional permissions for your You can only choose an additional permission if it's not already included in the inherited role. For example, if the inherited role offers **Write** access to a repository, then the "Close a pull request" permission will already be included in the inherited role. -{% ifversion discussions %} - -### Discussions - -* Create a discussion category -* Edit a discussion category -* Delete a discussion category -* Mark or unmark discussion answers -* Hide or unhide discussion comments -* Convert issues to discussions - -For more information, see "[AUTOTITLE](/discussions)." -{% endif %} - -### Issue and Pull Requests - -* Assign or remove a user -* Add or remove a label - -### Issue - -* Close an issue -* Reopen a closed issue -* Delete an issue -* Mark an issue as a duplicate - -### Pull Request - -* Close a pull request -* Reopen a closed pull request -* Request a pull request review - -### Repository - -* Set milestones -* Manage wiki settings -* Manage project settings -* Manage pull request merging settings -* Manage {% data variables.product.prodname_pages %} settings (see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)") -* Manage webhooks -* Manage deploy keys -* Edit repository metadata -{%- ifversion ghec %} -* Set interaction limits -{%- endif %} -* Set the social preview -* Push commits to protected branches - * Base role must be `write` - * Branch protection rules will still apply -* Create protected tags -* Delete protected tags -* Bypass branch protections -{%- ifversion edit-repository-rules %} -* Edit repository rules -{%- endif %} - -### Security - -* View {% data variables.product.prodname_code_scanning %} results -* Dismiss or reopen {% data variables.product.prodname_code_scanning %} results -* Delete {% data variables.product.prodname_code_scanning %} results -* View {% data variables.product.prodname_dependabot_alerts %} -* Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %} -* View {% data variables.product.prodname_secret_scanning %} results -* Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results +{% data reusables.organizations.additional-permissions %} ## Precedence for different levels of access -If a person is given different levels of access through different avenues, such as team membership and the base permissions for an organization, the highest access overrides the others. For example, if an organization owner gives an organization member a custom role that uses the "Read" inherited role, and then an organization owner sets the organization's base permission to "Write", then this custom role will have write access, along with any additional permissions included in the custom role. - -{% data reusables.organizations.mixed-roles-warning %} - -To resolve conflicting access, you can adjust your organization's base permissions or the team's access, or edit the custom role. For more information, see: -* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/setting-base-permissions-for-an-organization)" -* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)" -* "[Editing a repository role](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization#editing-a-repository-role)" +{% data reusables.organizations.precedence-for-different-levels %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md index 62352cfd08c6..7c7c2e77b105 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository.md @@ -33,14 +33,14 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %} For more information about repository roles, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." -![Screenshot of the "Manage access" page for a repository.](/assets/images/help/repository/manage-access-overview.png) - ## Filtering the list of teams and people {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.click-collaborators-teams %} -1. Under "Manage access", in the search field, start typing the name of the team or person you'd like to find. Optionally, use the dropdown menus to filter your search. +1. Under "Manage access", in the search field, start typing the name of the team or person you'd like to find. Optionally, use the dropdown menus to filter your search. {% ifversion org-custom-role-with-repo-permissions %} + + You can also toggle between the **Direct access** and **Organization access** tabs to view who has direct access to the repository and who can access the repository via a team or organization role.{% endif %} ## Changing permissions for a team or person diff --git a/data/features/org-custom-role-with-repo-permissions.yml b/data/features/org-custom-role-with-repo-permissions.yml new file mode 100644 index 000000000000..058d7cf7cfc0 --- /dev/null +++ b/data/features/org-custom-role-with-repo-permissions.yml @@ -0,0 +1,5 @@ +# Issue #11307 +# Documentation for custom organization roles can include repository permissions +versions: + ghec: '*' + ghes: '>=3.15' diff --git a/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md b/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md new file mode 100644 index 000000000000..bd4589dfc894 --- /dev/null +++ b/data/reusables/dependabot/dependabot-updates-supported-repos-ecosystems.md @@ -0,0 +1 @@ +For information on the supported repositories and ecosystems, see "[AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories)." diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md index caa0657c017b..179ce078210f 100644 --- a/data/reusables/dependabot/supported-package-managers.md +++ b/data/reusables/dependabot/supported-package-managers.md @@ -1,41 +1,37 @@ -The following table shows, for each package manager: -* The YAML value to use in the `dependabot.yml` file -* The supported versions of the package manager -* Whether dependencies in private {% data variables.product.prodname_dotcom %} repositories or registries are supported -* Whether vendored dependencies are supported - -| Package manager | YAML value | Supported versions | Private repositories | Private registries | Vendoring | -| ---------------|------------------|------------------|:---:|:---:|:---: | -| Bundler | `bundler` | v1, v2 | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | -| [Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} | -| Composer | `composer` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +Package manager | YAML value | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring | +---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:| +Bundler | `bundler` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +[Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} | +Composer | `composer` | v1, v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-version-updates-devcontainer-support %} | -| [Dev containers](#dev-containers) | `devcontainers` | Not applicable | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | -| {% endif %}| -| {% ifversion dependabot-version-updates-enhanced-docker-support %}| -| [Docker](#docker){% else %}Docker{% endif %} | `docker` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | -| Hex | `mix` | v1 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| elm-package | `elm` | v0.19 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| git submodule | `gitsubmodule` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | -| [{% data variables.product.prodname_actions %}](#github-actions) | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | -| Go modules | `gomod` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | -| [Gradle](#gradle) | `gradle` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| [Maven](#maven) | `maven` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| npm | `npm` | v6, v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| [NuGet](#nuget-cli) | `nuget` | {% ifversion dependabot-updates-v680-nuget-support %}<=6.8.0{% elsif ghes = 3.12 %}<= 6.7.0{% else %}<= 4.8{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| {% ifversion dependabot-PEP621-support %} [pip](#pip-and-pip-compile){% else %}pip{% endif %} | `pip` | v21.1.2 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| pipenv | `pip` | <= 2021-05-29 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| {% ifversion dependabot-PEP621-support %}[pip-compile](#pip-and-pip-compile){% else %}pip-compile{% endif %} | `pip` | 6.1.0 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +[Dev containers](#dev-containers) | `devcontainers` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% endif %} | +| {% ifversion dependabot-version-updates-enhanced-docker-support %} | +[Docker](#docker){% else %}Docker{% endif %} | `docker` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +Hex | `mix` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +elm-package | `elm` | v0.19 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +git submodule | `gitsubmodule` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +[{% data variables.product.prodname_actions %}](#github-actions) | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +Go modules | `gomod` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | +[Gradle](#gradle) | `gradle` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +[Maven](#maven) | `maven` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +npm | `npm` | v6, v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +[NuGet](#nuget-cli) | `nuget` | {% ifversion dependabot-updates-v680-nuget-support %}<=6.8.0{% elsif ghes = 3.12 %}<= 6.7.0{% else %}<= 4.8{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% ifversion dependabot-PEP621-support %}[pip](#pip-and-pip-compile){% else %}pip{% endif %} | `pip` | v21.1.2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +pipenv | `pip` | <= 2021-05-29 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +| {% ifversion dependabot-PEP621-support %}[pip-compile](#pip-and-pip-compile){% else %}pip-compile{% endif %} | `pip` | 6.1.0 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-updates-pnpm-support %} | -| [pnpm](#pnpm) | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +[pnpm](#pnpm) | `npm` | v7, v8, v9 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% endif %} | -| poetry | `pip` | v1 | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| [pub](#pub) | `pub` | v2 | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} | +poetry | `pip` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +[pub](#pub) | `pub` | v2 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-updates-pub-private-registry %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-updates-swift-support %} | -| [Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} | +[Swift](#swift) | `swift` | v5 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} | +| {% endif %} | +[Terraform](#terraform) | `terraform` | >= 0.13, <= 1.8.x | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% ifversion dependabot-yarn-v3-update %} | +[yarn](#yarn) | `npm` | v1, v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}|{% else %}yarn | `npm` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | | | {% endif %} | -| [Terraform](#terraform) | `terraform` | >= 0.13, <= 1.8.x | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | -| [yarn](#yarn) | `npm` | v1, v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}| {% tip %} @@ -43,6 +39,8 @@ The following table shows, for each package manager: {% endtip %} +For further information about ecosystem support for {% data variables.product.prodname_dependabot_security_updates %}, see also "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems)." + #### Cargo {% ifversion dependabot-updates-cargo-private-registry-support %}Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo)."{% else %}Private registry support applies to Git registries, and doesn't include cargo registries.{% endif %} diff --git a/data/reusables/organizations/additional-permissions.md b/data/reusables/organizations/additional-permissions.md new file mode 100644 index 000000000000..998fe0a25ef6 --- /dev/null +++ b/data/reusables/organizations/additional-permissions.md @@ -0,0 +1,65 @@ +{% ifversion discussions %} + +### Discussions + +* Create a discussion category +* Edit a discussion category +* Delete a discussion category +* Mark or unmark discussion answers +* Hide or unhide discussion comments +* Convert issues to discussions + +For more information, see "[AUTOTITLE](/discussions)." +{% endif %} + +### Issue and Pull Requests + +* Assign or remove a user +* Add or remove a label + +### Issue + +* Close an issue +* Reopen a closed issue +* Delete an issue +* Mark an issue as a duplicate + +### Pull Request + +* Close a pull request +* Reopen a closed pull request +* Request a pull request review + +### Repository + +* Set milestones +* Manage wiki settings +* Manage project settings +* Manage pull request merging settings +* Manage {% data variables.product.prodname_pages %} settings (see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)") +* Manage webhooks +* Manage deploy keys +* Edit repository metadata +{%- ifversion ghec %} +* Set interaction limits +{%- endif %} +* Set the social preview +* Push commits to protected branches + * Base role must be `write` + * Branch protection rules will still apply +* Create protected tags +* Delete protected tags +* Bypass branch protections +{%- ifversion edit-repository-rules %} +* Edit repository rules +{%- endif %} + +### Security + +* View {% data variables.product.prodname_code_scanning %} results +* Dismiss or reopen {% data variables.product.prodname_code_scanning %} results +* Delete {% data variables.product.prodname_code_scanning %} results +* View {% data variables.product.prodname_dependabot_alerts %} +* Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %} +* View {% data variables.product.prodname_secret_scanning %} results +* Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results diff --git a/data/reusables/organizations/custom-org-roles-create-new-step.md b/data/reusables/organizations/custom-org-roles-create-new-step.md index 20c60fc22dab..99715e5c42ff 100644 --- a/data/reusables/organizations/custom-org-roles-create-new-step.md +++ b/data/reusables/organizations/custom-org-roles-create-new-step.md @@ -1,4 +1,14 @@ 1. Click **Create a role**. -1. Type a name and description for the custom role. -1. Under "Add permissions", click the text field, then select the permissions you want to add to the custom role. For more information about the available permissions, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-custom-roles)." +1. Type a name and description for the custom role.{% ifversion org-custom-role-with-repo-permissions %} +1. Under "Add permissions", click the **Organization** or **Repository** tab to select the type of permissions you want to add to the custom role. + + * To add permissions for the organization, click the **Organization** tab, then select the dropdown menu and click the permissions you want your custom role to include. + * To choose a base repository role to inherit, click the **Repository** tab, then select the dropdown menu and click the base role you want to include in the custom role. For more information about the available base repository roles, see "[Base roles for repository access](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#base-roles-for-repository-access)." + + Once you've selected a base repository role, you can add additional permissions to the custom role. For more information about the available permissions, see "[Additional permissions for repository access](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-repository-access)." + + >[!NOTE] Adding a repository role and permissions to a custom organization role is currently in public beta and subject to change. + +{% else %} +1. Under "Add permissions", click the text field, then select the permissions you want to add to the custom role. For more information about the available permissions, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#additional-permissions-for-custom-roles)."{% endif %} 1. Click **Create role**. diff --git a/data/reusables/organizations/custom-org-roles-intro.md b/data/reusables/organizations/custom-org-roles-intro.md index cd43619d6b9f..fb8681aea216 100644 --- a/data/reusables/organizations/custom-org-roles-intro.md +++ b/data/reusables/organizations/custom-org-roles-intro.md @@ -1 +1 @@ -You can have more granular control over the access you grant to your organization's settings by creating custom organization roles. Organization roles are a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission. +You can have more granular control over the access you grant to your {% ifversion org-custom-role-with-repo-permissions %}organization and repository's{% else %} organization's{% endif %} settings by creating custom organization roles. Organization roles are a way to grant an organization member the ability to administer certain subsets of settings without granting full administrative control of the organization and its repositories. For example, you could create a role that contains the "View organization audit log" permission. diff --git a/data/reusables/organizations/precedence-for-different-levels.md b/data/reusables/organizations/precedence-for-different-levels.md new file mode 100644 index 000000000000..a6047d830830 --- /dev/null +++ b/data/reusables/organizations/precedence-for-different-levels.md @@ -0,0 +1,9 @@ +Roles and permissions are additive. If a person is given different levels of access through different avenues, such as team membership and the base permissions for an organization, the user has the sum of all access grants. For example, if an organization owner gives an organization member a custom role that uses the "Read" inherited role, and then an organization owner sets the organization's base permission to "Write", then members with the custom role will have write access, along with any additional permissions included in the custom role. + +{% data reusables.organizations.mixed-roles-warning %} + +To resolve conflicting access, you can adjust your organization's base permissions or the team's access, or edit the custom role. For more information, see: +* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/setting-base-permissions-for-an-organization)" +* "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)" +* "[Editing a repository role](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization#editing-a-repository-role)"{% ifversion custom-org-roles %} +* "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#editing-a-custom-role)"{% endif %} diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md index cdbc97fbc317..d0e858288136 100644 --- a/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md +++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-overview.md @@ -4,7 +4,7 @@ If the request to bypass push protection is approved, the contributor can push t To configure delegated bypass, organization owners or repository administrators must change the "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}" setting in the UI from **Anyone with write access** to **Specific roles and teams**. -Organization owners or repository administrators are them prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)." +Organization owners or repository administrators are then prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)." {% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, instead of creating a bypass list, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %}