Permissions overview
Anyone with admin permissions to a repository can create a security advisory.
Anyone with admin permissions to a repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory. For more information about adding a collaborator to a security advisory, see "Adding a collaborator to a security advisory."
| Action | Write permissions | Admin permissions |
|---|---|---|
| See a draft security advisory | X | X |
| Add collaborators to the security advisory (see "Adding a collaborator to a security advisory") | X | |
| Edit and delete any comments in the security advisory | X | X |
| Create a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability") | X | |
| Add changes to a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability") | X | X |
| Create pull requests in a temporary private fork (see "Collaborating in a temporary private fork to resolve a security vulnerability") | X | X |
| Merge changes in the security advisory (see "Collaborating in a temporary private fork to resolve a security vulnerability") | X | |
| Add and edit metadata in the security advisory (see "Publishing a security advisory") | X | X |
| Add and remove credits for a security advisory (see "Editing a security advisory") | X | X |
| Close the draft security advisory | X | |
| Publish the security advisory (see "Publishing a security advisory") | X |