Skip to content

docs: clarify fine-grained PAT requirements for organization-owned Projects v2 #7449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mnkiefer merged 8 commits into from
Dec 23, 2025
Merged

docs: clarify fine-grained PAT requirements for organization-owned Projects v2 #7449

mnkiefer merged 8 commits into from
Dec 23, 2025
+68 −104

Conversation

Copy link
Contributor

Copilot AI commented Dec 23, 2025
edited
Loading

Organization-owned Projects v2 with fine-grained PATs require explicit permissions that weren't clearly documented. This caused confusion about which permissions are needed for both the GitHub MCP toolset and the update-project safe output.

Changes

projectops.md

  • Expanded organization-owned projects section with granular permission requirements:
    • Repository permissions: Contents: Read, Issues: Read, Pull requests: Read (as needed)
    • Organization permissions: Projects: Read & Write
  • Added "Organization-Owned Project Configuration" section with complete example showing both tools.github and safe-outputs.update-project configuration

tokens.md

  • Enhanced fine-grained PAT setup (Option B) with detailed permission breakdown
  • Added Option 3: complete organization project + GitHub tools integration pattern
  • Clarified that organization access must be explicitly granted during token creation

Configuration Pattern

tools:
  github:
    toolsets: [default, projects]
    github-token: ${{ secrets.ORG_PROJECT_WRITE }}

safe-outputs:
  update-project:
    github-token: ${{ secrets.ORG_PROJECT_WRITE }}

The token requires:

  • Repository access to specific repos with Contents: Read, Issues: Read, Pull requests: Read
  • Organization permission: Projects: Read & Write
Original prompt

Update ProjectOps documentation for organization-owned projects to use a fine-grained one that has repository access with the following permissions:
Organizations > Project: Read & Write
Repositories > Contents: Read, (Issues: Read, Pull requests: Read as needed).
Workflows need the following with the PAT being as described above:

tools:
github:
toolsets: [default, projects]
github-token: ${{ secrets.ORG_PROJECT_WRITE }}

safe-outputs:
update-project:
github-token: ${{ secrets.ORG_PROJECT_WRITE }}

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@mnkiefer mnkiefer marked this pull request as ready for review December 23, 2025 22:19
Copilot AI changed the title [WIP] Update ProjectOps documentation for organization-owned projects docs: clarify fine-grained PAT requirements for organization-owned Projects v2 Dec 23, 2025
Copilot AI requested a review from mnkiefer December 23, 2025 22:20
@mnkiefer
Update token creation instructions in projectops.md
9242066 
Clarified token requirements for user and organization-owned projects, specifying classic and fine-grained PATs with necessary scopes.
@mnkiefer mnkiefer merged commit 8ffdea5 into main Dec 23, 2025
3 checks passed
@mnkiefer mnkiefer deleted the copilot/update-projectops-docs branch December 23, 2025 22:32
This was referenced Dec 23, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mnkiefer mnkiefer mnkiefer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mnkiefer mnkiefer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mnkiefer