Permissions Change

GitHub has updated role-based access control for GitHub Code Quality. The security manager role can no longer enable or disable Code Quality for repositories unless they also hold administrator privileges.

What Changed

Previously, security managers had the ability to manage Code Quality settings. Under the new policy:

• Only repository administrators can enable or disable GitHub Code Quality
• Security manager role permissions are now narrowed to security-specific features
• This enforces the principle of least privilege across GitHub's role system

Action Required

If your organization relies on security managers to configure Code Quality, you'll need to adjust your access control strategy:

• Delegate Code Quality management to repository administrators
• Review your current security manager assignments to ensure they still cover necessary security functions
• Update any documentation or runbooks that reference security manager Code Quality permissions

For more details on configuring Code Quality, see GitHub's documentation on managing Code Quality settings.