LogoLogo
HomeAbout usSign up
  • Introduction
  • AttentionSet
    • AttentionSet Best Practices
    • How to View AttentionSet for Others
    • How to Manually Change Attention
    • AttentionSet Chrome extension
    • Attention reasons
    • AttentionSet Slack Home Page
  • Releases
    • Getting Started with Releases
    • Concepts for Releases
      • Terminology for Releases
      • Two-step delivery
      • Rollbacks
      • Cherry-picks
      • Dogfood, Canary and Rollout
      • Release notes
    • How-to Guides for Releases
      • How to Create a Release Project
      • How to Configure Environments
      • How to Create a Scheduled Release
      • Create Custom Workflow Parameters
      • How to Manage Cherry-Picks
      • How to Resolve a Cherry-Pick Failure
      • Working with your CI / CD
        • GitHub Actions workflow
        • Buildkite workflow
    • API Reference for Releases
  • FlexReview
    • Getting Started with FlexReview
    • How to Onboard a Large Org
    • Concepts for FlexReview
      • Read-Only Mode in FlexReview
      • Recursive Ownership in FlexReview
      • Reviewer suggestion and assignment
      • FlexReview Teams and SLO Management
      • Validation in FlexReview
    • How-to Guides for FlexReview
      • How to Get a Reviewer Suggestion
      • How to Exclude Reviewers
      • How to Set Up Team Rules
      • Whitelist Teams for Review Assignment
      • Troubleshoot Reviewer Assignment
      • PagerDuty Integration for Reviewers
      • How to Set Up FlexReview Validation
      • Recommended Slack Notification Settings
      • How to Exclude OOO Reviewers
    • FlexReview Reference
      • Configuration
      • Slash commands
      • Expert scoring algorithms
      • Slack Notifications
      • Out of Office User Exclusion
    • FlexReview Roadmap
  • MergeQueue
    • Getting Started with MergeQueue
    • Merge Rules
    • How-to Guides for MergeQueue
      • How to Configure Base Branches
      • How to Customize Required Checks
      • How to Set Up Fast-Forwarding
      • How to Set Up Pre-Queue Conditions
      • How to Queue / Dequeue via API
      • Pause / Unpause Queues via API
      • Slash Commands Using GitHub Comments
      • How to Customize Sticky Comments
      • Require an Aviator Status Check
      • Backport a PR
      • How to Configure ChangeSets
      • Custom Integrations
        • GitHub Integration
      • How to Create Personal Access Tokens
      • How to Set Up SAML Configuration
        • Microsoft Active Directory
      • How to Merge Stacked PRs
      • How to Block Pull Request Mergeing with Slash Commands
    • Concepts for MergeQueue
      • Queue Modes
      • Pull Request Lifecycle
      • Analytics
      • Parallel Mode
      • CI Status Requirements
      • MQ Created Branches
      • Batching
      • Managing flaky tests
      • Fast-forwarding
      • Pre-Queue Conditions
      • Sticky Comments
      • Backporting
      • Paused Queues
      • Affected Targets
        • Directory-Based Affected Targets
        • nx based affected targets
        • GitHub Actions based Affected Targets
      • ChangeSets
        • Global CI Validation
        • ChangeSets FAQs
      • Priority Merges
        • Instant Merges
      • Merge Rules Audit Trail
      • Timeline
      • Ready Hook
      • Reduce Queue Failures From Staleness
    • MergeQueue References
      • Configuration Schema
      • Configuration Reference MergeQueue
      • GitHub Slash Commands
      • Status Codes
  • Stacked PRs CLI
    • Quickstart for Stacked PRs CLI
    • CLI Installation
    • How-to Guides for Stacked PRs CLI
      • How to Create Stacked PRs in CLI
      • How to Navigate & Modify Stacked PRs
      • Add Commits in the Stack
      • How Split a Commit in CLI
      • How to Split and Fold Pull Requests
      • How to Rename a Branch in CLI
      • How to Adopt a Branch in CLI
      • Orphan a Branch with Aviator CLI
      • How to Do Git Subcommand Aliasing
      • How to Create an Access Token
      • How to Set Up Auto Completion in CLI
      • How to Use Editor Plugins in CLI
    • Concepts for StackedPRs CLI
    • How to Rebase and Sync with GitHub
    • Configuration for StackedPRs CLI
    • Stacked PRs FAQs and Troubleshooting
      • Working with Aviator CLI
      • Default Branch Update Master to Main
    • Manpages for Stacked PRs CLI
      • av(1)
      • av-adopt Command Guide
      • av-auth-status(1) in CLI
      • av-stack-branch(1) in CLI
      • av-commit-create(1) in CL
      • av-stack-diff(1) in CLI
      • av-fetch(1) in CLI
      • av-git-interaction Command Guide
      • av-init(1) in CLI
      • av-stack-next(1) in CLI
      • av-orphan Command Guide
      • av-pr-status(1) in CLI
      • av-pr-create(1) in CLI
      • av-stack-prev(1) in CLI
      • av-stack-reorder(1) in CLI
      • av-reparent Command Guide
      • av-restack Command Guide
      • av-commit-split(1) in CLI
      • av-switch Command Guide
      • av-stack-sync(1) in CLI
      • av-stack-tidy(1) in CLI
      • av-stack-tree(1) in CLI
    • Aviator CLI Major Releases
      • Aviator CLI v0.1.0 Release Notes
  • Aviator's Chrome Extension
  • Pilot Automated Actions
    • Scheduled Events
    • JavaScript Execution
    • Pilot Automated Actions Reference
      • GitHub Reference
      • MergeQueue Reference
      • Slack Reference
  • API and Integrations
    • Slack Integration Guide
    • GraphQL API Quickstart
    • Prometheus Metrics Setup for GCP
    • Reference
      • JSON API
      • GraphQL
      • Webhooks
      • Monitoring Metrics
  • Manage
    • Access Management
    • GitHub App Permissions
    • Security
      • Aviator Agents Data Usage & Retention Policy
    • On-Premise Installation
      • GitHub App for On-Prem
      • GitHub OAuth for On-Prem
      • Use Helm Instructions
      • Use Docker Compose Instructions
      • Prometheus endpoint
      • Slack Integration for On-Premise
      • Google SSO Login for On-Prem
    • FAQs
      • Troubleshooting GitHub app connection
      • MergeQueue FAQs
      • Billing FAQs
Powered by GitBook
On this page
  • Repository Permissions
  • Actions (read & write)
  • Administration (read only)
  • Checks (read & write)
  • Commit statuses (read only)
  • Contents (read & write)
  • Issues (read & write)
  • Metadata (read only)
  • Pull requests (read & write)
  • Workflows (read & write)
  • Organization Permissions
  • Members (read only)
  • Further reading

Was this helpful?

  1. Manage

GitHub App Permissions

View core permissions the Aviator app requests on your GitHub repositories that you choose to connect with Aviator.

The Aviator app requests a set of permissions on your GitHub repositories that you choose to connect with Aviator. While Aviator tries to request as few permissions as it needs to function, GitHub only allows us to request fairly broad groups of permissions. We’re committed to your privacy and security, so Aviator only uses the subset of permissions it needs to do its job.

Repository Permissions

Actions (read & write)

This permission includes access to workflows, workflow runs and artifacts.

Aviator uses this permission for fetching and triggering GitHub Action workflows in Release Management.

Administration (read only)

This permission includes read-only access to repository settings, teams, and collaborators.

Aviator uses this permission in order to access a repository’s branch protection rules. Aviator will not (and cannot) edit any settings on your GitHub organization or repository.

Checks (read & write)

This permission includes access to checks on code (such as GitHub actions and other integrations like CircleCI).

Aviator uses this permission to examine the status checks of your commits, branches, and pull requests. Aviator uses this information to determine when pull requests should be allowed to merge.

Commit statuses (read only)

This permission includes access to commit statuses.

Aviator uses this permission to read the status information from individual commits or branches.

Contents (read & write)

This permission includes access to repository contents, commits, branches, downloads, releases, and merges.

Aviator uses this permission to download the Aviator configuration file if you’ve added it to your repository.

Additionally, Aviator uses write permissions to update branches that are created and managed by Aviator as well and to perform actions explicitly requested by users (e.g., the /aviator sync command can be used to update a branch on demand).

Aviator may also access temporarily source code references in order to perform certain operations that are not supported directly on GitHub (such as rebasing pull requests). These actions are not enabled by default.

Issues (read & write)

This permission includes access to issues and related comments, assignees, labels, and milestones.

Aviator uses this permission in order to read and write issue comments. Due to limitations with the GitHub API (pull requests and issues are deeply interlinked), we need this permission in addition to the Pull Requests permission in order to listen to comments on pull requests (such as /aviator sync and other commands).

Metadata (read only)

This permission includes access to search repositories, list collaborators, and access repository metadata.

Aviator is required to request this permission (it is mandatory for all GitHub apps). It does not include access to any privileged information about the repository.

Pull requests (read & write)

This permissions includes access to pull requests and related comments, assignees, labels, milestones, and merges.

Aviator uses this permission to view, update, and merge pull requests which are managed by Aviator (e.g., when adding the ready-to-merge label to a pull request that should be placed into the queue).

Workflows (read & write)

This permission includes ability to add or update an existing workflow.

Aviator uses this permissions to be able to merge pull requests that contain changes in directory .github/workflows/. Without this permission, Aviator may return an error when trying to queue or merge that particular pull request.

Organization Permissions

Members (read only)

This permission includes access to organization, and team membership.

Aviator uses this permission to confirm membership of users. This allows for actions to be restricted to only certain teams or organization members.

Further reading

PreviousAccess ManagementNextSecurity

Last updated 11 months ago

Was this helpful?

For a detailed explanation of what actions are enabled why the permissions above, see the . Aviator does not use every single permission that it is granted (since GitHub only allows app developers to choose broad buckets of permissions like “administration” rather than just “branch protection rules”).

GitHub developer docs for app permissions