Articles

Manage Members, Teams, and Permissions in a GitHub Organization (2026)

April 18, 2026 4 min read

GitHub organizations are more than just a way to group repositories; they’re a powerful tool for managing access and collaboration across a team or company. At their core, they revolve around three interconnected concepts: Members, Teams, and Permissions. Understanding how these interact is key to maintaining a secure and efficient development environment.

Here’s a look at how it all fits together, starting with the most surprising aspect:

Your organization’s security and access control aren’t primarily determined by individual user permissions, but by the teams those users belong to, and the permissions those teams have on specific repositories.

Let’s dive into a real-world scenario. Imagine a company, "Acme Corp," with a GitHub organization. They have several teams and repositories.

graph TD
    A[Alice] --> B(Frontend Team)
    C[Bob] --> B
    D[Charlie] --> E(Backend Team)
    F[David] --> E

    B --> G[Project X Repo]
    E --> H[Project Y Repo]
    E --> G

    G -- Read/Write --> B
    H -- Read/Write --> E
    G -- Read --> E

In this diagram:

  • Members: Alice, Bob, Charlie, and David are individual users who are members of the "Acme Corp" organization.
  • Teams: "Frontend Team" and "Backend Team" are groups of members within the organization. Alice and Bob are in the "Frontend Team." Charlie and David are in the "Backend Team."
  • Permissions: Teams are granted specific permissions on repositories. The "Frontend Team" has Read/Write access to the "Project X Repo." The "Backend Team" has Read/Write access to the "Project Y Repo." Crucially, the "Backend Team" also has Read access to the "Project X Repo."

This hierarchical structure is where the real power lies. Instead of individually managing permissions for Alice, Bob, Charlie, and David on each repository, you manage them through their team assignments.

How it Works Internally: The Role of Teams

When you grant a team permission on a repository, every member of that team inherits those permissions. This is a massive scalability win.

Consider "Project X Repo."

  • Alice, as a member of the "Frontend Team," gets Read/Write access to "Project X Repo."
  • Bob, also in the "Frontend Team," gets Read/Write access to "Project X Repo."
  • Charlie, in the "Backend Team," only gets Read access to "Project X Repo."

This means Charlie can view the code, pull it, and see the history, but he can’t push changes or merge pull requests directly. If you wanted Charlie to have Write access, you’d grant the "Backend Team" Write permissions on "Project X Repo."

Levers You Control:

  1. Adding/Removing Members from Teams: This is your primary tool for granting or revoking access. If Bob leaves the frontend team, you remove him from the "Frontend Team." He instantly loses all permissions associated with that team across all repositories.
  2. Assigning Teams to Repositories: You control which teams have access to which repositories. You can add a new team to an existing repository or grant an existing team access to a new repository.
  3. Defining Team Permissions: For each team-repository assignment, you choose the level of access:
    • No Access: The team cannot see or interact with the repository.
    • Read: Members can view, clone, and pull the repository.
    • Triage: Members can manage issues and pull requests (labeling, assigning, closing) but cannot write code.
    • Write: Members can push to the repository, create branches, and manage pull requests.
    • Maintain: Members can manage the repository’s settings and branches, but cannot delete it.
    • Admin: Full control over the repository, including deletion.

Example Configuration (Conceptual):

On GitHub, when you go to your organization’s settings, then "Teams," you can create teams. For each team, you can then navigate to the "Repositories" tab and click "Add repository." You’ll see a list of your organization’s repositories and can assign a permission level.

For instance, to give the "Frontend Team" Write access to "Project X Repo":

  • Go to Organization Settings -> Teams -> Frontend Team.
  • Click "Repositories."
  • Click "Add repository."
  • Select "Project X Repo."
  • Choose "Write" from the permission dropdown.

This single action grants all current and future members of the "Frontend Team" Write access to "Project X Repo."

The One Thing Most People Don’t Fully Grasp

When a user is a member of multiple teams that have access to the same repository, their effective permissions are the highest permission granted across any of those teams. So, if Alice is in the "Frontend Team" (Write access to Project X) and also in the "QA Team" (Read access to Project X), her effective permission on "Project X Repo" is Write. This means you don’t need to worry about permissions being reduced by being in multiple teams; they’re always aggregated to the highest level.

The next step in managing your organization effectively involves understanding how to organize your teams strategically and leverage GitHub’s built-in security features like SAML SSO and required reviewers.

Want structured learning?

Take the full Github course →