Why was a PM able to create a team? #195527
Replies: 3 comments
-
|
This behavior is expected in GitHub Organizations. Creating a Team is not controlled by repository permissions (like read access). Instead, it is an organization-level permission. In many GitHub Enterprise setups, members are allowed to create teams even if they only have read access to repositories. This depends on an organization setting such as:
So even if she cannot manage repositories or assign teams to repos, she can still create a team because team creation is independent from repo access permissions. If you want to restrict this, an organization owner/admin can disable team creation for members in the organization settings. |
Beta Was this translation helpful? Give feedback.
-
|
Hey, good question — this one's a bit counterintuitive but it's actually by design. In GitHub, the ability to create a team is tied to organization membership, not repository permissions. As long as someone is a member of the organization (not just an outside collaborator), they can create a team by default — regardless of whether they have read, write, or admin access to any repos. So what you're seeing makes sense: she's an org member with read-only access to repos, which means she can create teams but can't add those teams to any repos (since that requires write or admin access on the repo level). If you want to restrict team creation to only org owners or admins, you can do that under your Organization Settings → Member privileges — there should be an option along the lines of "Allow members to create teams" that you can toggle off. Once disabled, only org owners can create teams. Worth double-checking that setting across each org she was added to if you want consistent behavior throughout your Enterprise. |
Beta Was this translation helpful? Give feedback.
-
Entendendo as Permissões do GitHub TeamsO que aconteceu é um comportamento padrão do GitHub que costuma confundir muitos administradores. O ponto principal é que existe uma separação clara entre as permissões de repositório e as permissões de organização. A Diferença entre PapéisA sua gestora de programas foi adicionada como Membro (Member) da organização. No GitHub, as permissões funcionam em camadas independentes:
Ela conseguiu criar a equipe porque o privilégio de "Team Creation" é, por definição, concedido a todos os membros da organização, independentemente de eles terem acesso de leitura ou escrita nos repositórios. Como Restringir a Criação de EquipesPara evitar que membros (que não sejam Owners) criem equipes, você deve alterar essa configuração global:
Note Ao desativar isso, apenas os Organization Owners poderão criar novas equipes. Isso não afetará as equipes já criadas, mas impedirá que novos usuários façam o mesmo. Resumo do Porquê Isso Ocorreu
O fato de ela ter apenas "Read" nos repositórios internos não anula o privilégio de "Membro" de gerenciar estruturas organizacionais, a menos que você altere explicitamente a configuração mencionada acima. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Question
💬 Feature/Topic Area
Issues
Body
This is a question about GitHub Teams. I didn't see a category for that, so I choose this one. I hope that's OK.
Today I added a program manager to a couple of our GitHub Organizations (within our GitHub Enterprise.) At this point she only has read access to all the Internal repos, and that's the only type of repo we have in our organizations. It was my understanding that she could not create a GitHub Team. However, while I was watching her, she did create a GitHub Team. She can't add the team to any repo, but she could create a team.
Why is that possible?
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions