Enterprise security manager (beta)

[github-product-roadmap]

Summary

In our commitment to enhancing the application security experience for our customers, we will soon be releasing an enterprise security manager role, designed to provide security oversight across your enterprise. This role is designed to empower a designated team with comprehensive security management capabilities across all organizations within your enterprise. Members assigned to this role will have the authority to manage enterprise-wide security settings and code security policies, access security-related enterprise APIs, and oversee all data within the enterprise-level security overview pages. Additionally, they will possess all the permissions currently held by organization-level security managers.

Intended Outcome

Our enterprise customers have expressed a more streamlined way to empower their security-focused teams without the added complexity of adding a security manager team to each organization. Moreover, these teams often require access to enterprise-level policies and security settings, which traditionally have been reserved for the enterprise owner or granted only partially. This new role addresses these needs by providing:

• Simplified, centralized access management across all organizations with just a few clicks.
• Expanded permissions that encompass both organization-level and enterprise-level oversight and control.

How will it work?

The enterprise security manager role is designed to be assigned collectively to an enterprise team and the process will involve only two steps:

1. Create an enterprise team: Your enterprise owner will begin by forming an enterprise team, similar how you create a team at the organization level today.
2. Grant organization membership and roles: Your enterprise owner will then grant organization membership and assign the security manager role to the enterprise team all in a few simple clicks.

Once the team is configured, team members will be able to:

• Manage security settings and code security policies at the enterprise level.
• Access enterprise-level security-related APIs.
• View security data for all organizations in the enterprise-level security overview.
• Retain the capabilities typically granted to organization security managers, including the ability to view and dismiss alerts and configure security settings at the organization and repository levels.