Enterprise custom org roles (#57170)

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Sunbrye Ly <[email protected]>
Co-authored-by: sunbrye <[email protected]>

Author: 3 people

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md

@@ -109,3 +109,17 @@ Enterprise members:
 You may need to update your IdP application to use guest collaborators. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators).
 
 {% endif %}
+
+## Custom organization roles
+
+With {% data variables.product.prodname_ghe_cloud %} and starting from {% data variables.product.prodname_ghe_server %} 3.19, enterprise owners can create custom organization roles for use in all of the enterprise's organizations. This allows centralized management of common roles such as "Developer" or "SRE team". Only enterprise owners can create or edit these roles, and any organization owner or user with the "Manage organization roles" permission can assign them in an organization.
+
+When creating an organization role, enterprise owners can use the same organization and repository permissions and base roles as organization owners—there is no difference in how these roles function or what they can allow.
+
+{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.people-tab %}
+1. Select the "Organization Roles" section in the left-hand menu.
+1. Create a new role using the "Create custom role" button, or edit an existing role using the ellipsis menu (...).
+
+See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles) for more information about creating and assigning custom organization roles.
+
+At this time, up to 20 custom organization roles can be created by the enterprise. This limit is only for the enterprise - each organization can also create up to 20 custom organization roles.

content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles.md

@@ -14,13 +14,15 @@ product: 'Organizations on {% data variables.product.prodname_ghe_cloud %}{% ifv
 
 {% data reusables.organizations.custom-org-roles-intro %} For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles).
 
-If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization. To find the "Custom roles" page, you can follow the first steps in [Creating a custom role](#creating-a-custom-role). The exact steps will vary depending on which other settings page you have access to.
+If you are an organization owner or have a custom role with the "View organization roles" or "Manage custom organization roles" permissions, you can view custom roles for the organization. With {% data variables.product.prodname_ghe_cloud %} and starting from {% data variables.product.prodname_ghe_server %} 3.19, if your enterprise owner has created organization roles, these roles can be seen and assigned as well, but not edited or deleted.
 
-To{% ifversion org-pre-defined-roles %} view organization role permissions and{% endif %} manage organization role assignments, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles)
+To find the "Custom roles" page, you can follow the first steps in [Creating a custom role](#creating-a-custom-role). The exact steps will vary depending on which other settings page you have access to.
+
+To{% ifversion org-pre-defined-roles %} view organization role permissions and{% endif %} manage organization role assignments, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles).
 
 ## Creating a custom role
 
-Organization owners and users with the "Manage custom organization roles" permission can create up to 10 custom organization roles.
+Organization owners and users with the "Manage custom organization roles" permission can create up to 20 custom organization roles. On {% data variables.product.prodname_ghe_server %} earlier than 3.19, you can create up to 10.
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}

content/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles.md

@@ -21,7 +21,7 @@ You can have more granular, scalable control over the access you grant to your o
 
 {% ifversion ghec or ghes %}
 
-In addition to pre-defined roles, you can also create up to 10 custom roles that define groups of permissions. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles).
+In addition to pre-defined roles, you can also create up to 20 custom roles that define groups of permissions. Your enterprise owner can also create organization roles for you to use. On {% data variables.product.prodname_ghe_server %} earlier than 3.19, you can create up to 10 custom roles. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles) and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise).
 
 {% endif %}
 

content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md

@@ -20,7 +20,7 @@ To perform any actions on {% data variables.product.github %}, such as creating
 
 Within an organization, you can assign roles at the organization, team, and repository level. For more information about the different levels of roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization).
 
-You can have more granular control over the permissions you grant at the repository level by creating up to five custom repository roles. {% data reusables.organizations.about-custom-repo-roles %} For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization).
+You can have more granular control over the permissions you grant at the repository level by creating up to 20 custom repository roles. On {% data variables.product.prodname_ghe_server %} earlier than 3.19, you can create up to five custom repository roles. {% data reusables.organizations.about-custom-repo-roles %} For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization).
 
 After you create a custom role, anyone with admin access to a repository can assign the role to an individual or team. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-an-individuals-access-to-an-organization-repository) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-team-access-to-an-organization-repository).
 

data/features/enterprise-custom-org-roles.yml

@@ -0,0 +1,5 @@
+# https://github.com/github/docs-content/issues/18495
+# Enterprise-managed custom org roles and the limit increase to 20 roles
+versions:
+  ghec: '*'
+  ghes: '>=3.19'