Security manager improvements and custom organization security roles (beta)

[github-product-roadmap]

Summary

As an enterprise customer, you have the ability to assign the security manager role to any team in an organization. When applied, it gives every member of that team permissions to manage security alerts and settings across your organization, as well as read all repositories in the organization. Further, you have the ability to create repository-level custom security roles with any of the following security manager permissions to a user or team:

• View secret scanning
• Dismiss secret scanning
• View code scanning
• Dismiss code scanning
• Delete code scanning alerts
• View Dependabot alerts
• Dismiss Dependabot alerts

Enterprises wanting more personalized control over security manager permissions for their organization will benefit from upcoming enhancements. The enhancements will offer advanced control over security permissions, meeting growing demands for custom access levels.

Intended Outcome

This feature aims to give you advanced control over security permissions, accommodating your increasing need for customized access levels.

How will it work?

The security manager role will continue to exist, but will be enhanced so that you can assign the role to individual users in addition to teams at the organization level.

Moreover, enterprises will be able to create customized security manager roles at the organization level using the listed security permissions. These custom roles can have a combination of organization-wide permissions (like viewing the organization's audit log) and repository-specific permissions (such as allowing Dependabot alert view access) for all organization's repositories. Learn more about organization custom roles.