Managing roles and governance via enterprise teams is in public preview

[queenofcorgis]

Last month, GitHub Enterprise Cloud introduced a public preview of enterprise teams in order to allow administrators to manage Copilot Business licenses in their enterprise account. As promised in that release, we are back with more, both for enterprise teams as well as other key enterprise experiences. GitHub is introducing more capabilities that supercharge enterprise owners to own their enterprise, no matter the size. With this public preview release we're unlocking more ways to scale governance and policy across GitHub, enhance management of enterprises with multiple organizations, and set a new baseline for platform management.

What's changing?

As of today, enterprise owners will be able to:

• Assign enterprise teams to organizations.
• Create and assign custom enterprise roles.
• Assign enterprise roles to both enterprise teams and users, including the new predefined Enterprise Security Manager role.
• Empower organization and repository owners to assign roles to enterprise teams within their scope.
• Assign enterprise teams and roles to ruleset bypass lists.

These new features are a big step in improving user and organization management across the GitHub Enterprise platform. Whether enterprise owners use a custom role or a predefined one, they can now manage users or groups of users (i.e., enterprise teams) to more granularly manage access and permissions in their business. Define an enterprise team once and assign it to as many organizations as needed without having to redefine it every time. Once available inside an organization, organization and repository administrators can assign roles within their resource scope. However, they cannot remove permissions and roles granted by the enterprise owner.

In public preview, there are limitations to this experience. Learn more in our documentation about enterprise teams product limits.

Enterprise Security Manager role, now available

Available today for GitHub Code Security, GitHub Secret Protection, and GitHub Advanced Security customers, security teams can use the new predefined Enterprise Security Manager (ESM) role to centrally access and manage security alerts and settings across all organizations. Assigned through an enterprise team, security teams will be able to:

• Manage alerts enterprise-wide, including code scanning, secret scanning, and Dependabot alerts.
• Manage security settings, including security configurations, availability policies, and secret scanning custom patterns.
• Approve and review delegated alert dismissal requests and push protection bypass requests with new enterprise-level views.
• Use security alert and settings APIs at the enterprise level.
• Centralize security administration for improved governance.

This means enterprises can more efficiently oversee their security posture, respond to incidents, and ensure compliance across their entire GitHub footprint.

Enterprise teams, roles, and apps in bypass lists

We have expanded support for Enterprise teams, organization roles, and GitHub Apps to provide more flexible and secure policy management.

• Granular bypass permissions for repository rulesets: You can now assign ruleset bypass permissions to Enterprise teams, roles and apps. This provides granular control over who can bypass rules, ensuring both flexibility and compliance. This can be done at the enterprise, organization, and repository level.

• Delegated push ruleset bypasses: To better manage push rulesets at scale, you can now delegate bypass permissions to Enterprise Teams, roles, and apps. This streamlines the process for handling bypass requests across the enterprise.

Learn more and provide feedback

To learn more, check out our documentation on enterprise-level teams, roles, security managers, and rulesets. If you have feedback about these new features, join us on this discussion.

Disclaimer: The UI for features in public preview is subject to change.

[jmaixl]

This is a great next step for governance in an enterprise! We had been duplicating teams across organizations, avoiding enterprise rulesets, and preventing members from seeing enterprise settings. However the limitations in public preview are still not sufficient such as not being able to mention, codeowners, review requests, etc, so we're looking forward to these limitations being addressed first.

How does this interact with EMU?