@@ -20,7 +20,7 @@ An enterprise account on GitHub Enterprise Cloud delivers advanced administrativ
2020
2121** Security and Compliance**
2222- Enterprise-wide security policies and enforcement
23- - Advanced audit logging with 180-day retention ( extendable via log streaming)
23+ - Advanced audit logging with 180-day retention for audit events (Git events: 7 days); extendable via log streaming
2424- IP allow lists at the enterprise level
2525- SSH certificate authority for cryptographic authentication
2626- SCIM provisioning for automated user lifecycle management
@@ -168,6 +168,43 @@ Billing Managers have specialized access limited to financial and subscription m
168168- Budget managers requiring cost visibility
169169- Accounting personnel processing invoices
170170
171+ ### App Manager
172+
173+ App Managers have specialized permissions to manage GitHub App registrations owned by the enterprise:
174+
175+ ** Capabilities:**
176+ - View, create, edit, and delete GitHub App registrations owned by the enterprise
177+ - Manage app settings and configurations
178+
179+ ** Restrictions:**
180+ - Cannot install and uninstall GitHub Apps on an enterprise or organization
181+ - Cannot access other enterprise administrative settings
182+
183+ ** Use Cases:**
184+ - Platform engineers managing enterprise-wide integrations
185+ - DevOps teams maintaining CI/CD GitHub Apps
186+ - Security teams managing security-related app registrations
187+
188+ ### Security Manager
189+
190+ Security Managers have permissions to effectively manage security features and alerts for the enterprise:
191+
192+ ** Capabilities:**
193+ - View, manage, and assign security configurations at enterprise and organization level
194+ - Manage use of GitHub Secret Protection and GitHub Code Security
195+ - View security alerts and dashboards for all repositories in organizations
196+ - Manage security campaigns for organizations
197+ - Manage repository settings for security features
198+ - Read access for code in all repositories
199+ - Write access for all security alerts in the enterprise
200+
201+ ** Use Cases:**
202+ - Security engineers managing enterprise-wide security posture
203+ - Compliance officers monitoring security alerts
204+ - Security operations teams responding to vulnerabilities
205+
206+ > ** Note:** The enterprise security manager role is currently in public preview and subject to change.
207+
171208### Enterprise Member
172209
173210Enterprise Members are users who belong to at least one organization within the enterprise.
@@ -183,6 +220,31 @@ Enterprise Members are users who belong to at least one organization within the
183220- Outside collaborators are not enterprise members
184221- Member status affects licensing and compliance reporting
185222
223+ ### Guest Collaborator (EMU Only)
224+
225+ Guest Collaborators provide limited access for vendors and contractors in Enterprise Managed Users environments:
226+
227+ ** Characteristics:**
228+ - Provisioned by your IdP, like all managed user accounts
229+ - Can be added as organization members or as collaborators in repositories
230+ - Cannot access internal repositories in the enterprise, except in organizations where they're added as a member
231+ - Different from regular users who automatically gain access to all internal repositories when added to one organization
232+
233+ ** Use Cases:**
234+ - Contractors working on specific projects
235+ - Vendors requiring limited repository access
236+ - External consultants with scoped permissions
237+
238+ ### Custom Enterprise Roles
239+
240+ Custom roles allow defining specific sets of permissions for access to enterprise settings:
241+
242+ ** Capabilities:**
243+ - Define granular permission sets tailored to organizational needs
244+ - Delegate administrative duties securely
245+ - Grant extra privileges to help non-administrators be productive
246+ - Create roles for specific functions (security auditors, compliance reviewers, etc.)
247+
186248## Enterprise Settings and Dashboard Navigation
187249
188250The enterprise dashboard serves as the central command center for enterprise administration.
0 commit comments