Permission Scope Narrowed
GitHub has updated the security manager role permissions, removing the ability to enable or disable GitHub Code Quality in repositories. Previously, security managers could configure Code Quality settings; now only repository administrators retain this capability.
What Changed
- Security managers can no longer enable or disable GitHub Code Quality unless they are also repository administrators
- The repository administrator role remains the only role with authority to configure Code Quality settings
- This change applies across all GitHub repositories using the security manager role
Why This Matters
This permission update follows the principle of least privilege, ensuring that the security manager role remains strictly focused on security-related responsibilities. Code Quality configuration has been reclassified as a repository administration function rather than a security management function, clarifying role boundaries and reducing potential scope creep.
Action Required
If you use the security manager role in your organization and need to manage Code Quality settings, you'll need to use an administrator account or adjust role assignments accordingly. For detailed guidance, consult the GitHub documentation on managing Code Quality.