We have a private org with multiple private repos and teams with 15-20 people on it in total, half of them are devs, the other half is marketing, sales, support.
Software developers should have access to the code/issues/etc… the usual stuff…
People in the marketing, sales and support should have access only to issues. Meaning I want them to be able to create/update/comment/follow issues, but they should NOT have access to our code, because they don’t need it to do their job - this is adding an unnecessary security concern.
I know that right now there is only read/write roles, but that includes access to our code.