Modifying teams and roles enforces all permissions and scoping in elevation checks #5537
Stronger permissions elevation prevention measures.
What it actually enables people to do
You can now grant TeamCreate/Edit and UserRoleCreate/Edit to a broader set of users knowing they cannot elevate their own or other users' permissions.
What pain relievers or gain generators are we solving for people?
Previously we treated the combination of TeamCreate/Edit and UserRoleCreate/Edit as sufficient privilege, and the elevation checks were only about preventing the granting of the top level permissions like
What does it look like