Fine-grained PATs can access Enterprise APIs [Preview] #1119
Labels
Copilot Enterprise
Product SKU: Copilot Enterprise
Copilot for Business
Product SKU: Copilot for Business
Enterprise
Product SKU: GitHub Enterprise
preview
Feature phase: Preview
Comments
glider-bot
added
Copilot Enterprise
ankneis
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Value Prop
Today, only PATs (Personal Access Tokens) Classic can interact with the Enterprise account - managing SCIM and users, creating organizations, setting policy, and provisioning self-hosted runners, as popular examples. By switching to fine-grained PATs for these APIs, enterprises get a better least-privilege security posture. With this release, you can use tokens with just enough permission to accomplish the job instead of a PAT (Classic) that requires permission to do anything to your enterprise.
Expected Outcome
This release trails #793, which establishes the fine-grained permissions model for the enterprise. Because each API must be updated individually to support new permissions, not every single API will be supported at the time of the public preview. We are prioritizing the most popular APIs to ensure that enterprises can replace the highest number of PATs (Classic), and will ship with at least those for the public preview.
These APIs are:
The text was updated successfully, but these errors were encountered: