Fine-grained PATs can access Enterprise APIs [Public Preview] #1119

Open
@glider-bot

Value Prop

Today, only Personal Access Tokens (PATs) (Classic) can interact with the Enterprise account: managing SCIM and users, creating organizations, setting policy, and provisioning self-hosted runners are popular examples. By switching to fine-grained PATs for these APIs, enterprises get a better least-privilege security posture. With this release, you can use tokens with just enough permission to accomplish the job instead of a PAT (Classic) that requires permission to do anything to your enterprise.

Expected Outcome

This release trails #793, which establishes the fine-grained permissions model for the enterprise. Because each API must be updated individually to support new permissions, not every single API will be supported at the time of the public preview. We are prioritizing the most popular APIs to ensure that enterprises can replace the highest number of PATs (Classic), and will ship with at least those for the public preview.

These APIs are:

  1. Self-hosted runner management
  2. Organization creation
  3. SCIM support, for platforms that cannot use a GitHub App for provisioning
  4. Enterprise team creation and management
  5. Budgeting and Licensing management

Status: Future