Skip to main content
Teams are groups of organization members with specific access permissions to repositories. Teams provide fine-grained control over who can read, write, or administer repositories within an organization.

Understanding Teams

Every organization has at least one team - the Owners team. Teams allow you to:
  • Group users with similar responsibilities
  • Grant specific permissions to repository units (code, issues, pull requests, etc.)
  • Manage access across multiple repositories at once
  • Create specialized roles beyond simple read/write access

Default Teams

When you create an organization, an Owners team is automatically created:
Source: models/organization/org.go:335-343 The Owners team:
  • Has full access to all repositories
  • Can manage all organization settings
  • Automatically includes all repositories (existing and future)
  • Cannot be deleted
  • Must have at least one member

Creating a Team

Organization owners can create new teams:
  1. Navigate to your organization
  2. Go to the Teams tab
  3. Click New Team
  4. Configure team settings:
    • Team Name - Unique within the organization
    • Description - Optional team description
    • Permission Level - Overall access mode
    • Repository Access - Specific or all repositories
    • Unit Permissions - Granular access to repository features

Team Creation Example

Source: services/org/team.go:27-85

Team Permission Levels

Teams can have different base permission levels:

Read

View and clone repositories. Can view issues and pull requests but cannot modify them.

Write

Read access plus ability to push to repositories, create issues, and comment on discussions.

Admin

Write access plus ability to manage repository settings, webhooks, and collaborators.

Owner

Full access to all organization repositories and settings. Can delete the organization.
These permission levels are defined in the code:
Source: models/perm/access_mode.go:14-23

Repository Access

Teams can access repositories in two ways:

Specific Repositories

Manually add repositories to the team. The team will only have access to explicitly added repositories.

All Repositories

Enable IncludesAllRepositories to automatically grant the team access to all current and future repositories:
Source: models/organization/team.go:74-87

Unit-Level Permissions

Teams can have different permission levels for different repository units:
Unit permissions allow fine-grained access control. For example, a team can have write access to code but only read access to issues.

Available Units

  • Code - Repository code and Git operations
  • Issues - Issue tracking
  • Pull Requests - Pull request management
  • Releases - Release management
  • Wiki - Repository wiki
  • External Wiki - Link to external wiki
  • External Tracker - Link to external issue tracker
  • Projects - Project boards
  • Packages - Package registry
  • Actions - CI/CD workflows

Team Unit Structure

Source: models/organization/team_unit.go:14-26

Managing Team Members

Adding Members

Organization owners can add members to teams:
Source: services/org/team.go:210-247

Removing Members

When removing a team member:
  • User access to team repositories is recalculated
  • If the user is not in any other teams, they’re removed from the organization
  • Cannot remove the last owner from the Owners team
Source: services/org/team.go:275-327

Team Invitations

Organization owners can invite users to teams via email:
  1. Enter an email address when adding a team member
  2. An invitation is sent to the email
  3. The user can accept the invitation from the email link
  4. Upon acceptance, they join the team
Email invitations require that mail service is configured in Gitea settings.

Updating Teams

When updating team settings:
Source: services/org/team.go:88-158

Deleting Teams

Deleting a team removes all members and repository access. Users who were only in this team will be removed from the organization.
When deleting a team:
  1. All repository access is removed
  2. Branch protection rules are updated
  3. Team members are removed
  4. Users with no other teams are removed from the organization

Frequently Asked Questions

Yes, users can be members of multiple teams within the same organization. Their effective permissions for a repository are the highest permission granted by any team they belong to.
Users always receive the highest permission level granted by any team they belong to. For example, if a user is in Team A (read access) and Team B (write access), they will have write access.
Yes, when a team has access to multiple specific repositories, the same unit-level permissions apply to all of them. To have different permissions for different repositories, create separate teams.
This permission allows team members to create new repositories within the organization. By default, only owners can create repositories, but you can grant this to other teams.
Yes, organization owners can rename teams at any time. The team’s permissions and members remain unchanged.
  • Admin teams have administrative access to repositories but cannot manage the organization itself
  • Owner teams (specifically the Owners team) can manage all organization settings, teams, and members