Select visibility according to policy; use visible teams unless secrecy is necessary.
Optionally choose a parent team for nested structures.
Create the team.
Add organization members.
Assign repository access at the lowest suitable role.
Repository Roles
Role
Use
Read
View and clone; suitable for observers and limited stakeholders
Triage
Manage issues and pull requests without writing code
Write
Push code and collaborate normally
Maintain
Manage repository workflows without destructive administrative powers
Admin
Full repository control; restrict carefully
Outside Collaborators
Use outside collaborators for contractors who require access to specific repositories but should not become organization members. Outside collaborators cannot be added to organization teams, so grant repository-level access directly and review it on a defined end date.
Quarterly Access Review
Review organization owners.
Review members and outside collaborators.
Remove dormant or completed contractor access.
Review team memberships and repository roles.
Confirm every privileged user retains 2FA.
Record the review date in the Infrastructure Register.