[Public preview] Repository policies & enterprise custom properties (#53279)

Co-authored-by: Patrick Knight <patrick-knight@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md

@@ -18,10 +18,16 @@ To help you enforce business rules and regulatory compliance, policies provide a
 
 For example, with the "Base permissions" policy, you can allow organization owners to configure the "Base permissions" policy for their organization, or you can enforce a specific base permissions level, such as "Read", for all organizations within the enterprise.
 
-By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+## Enforcing policies
+
+By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies.
 
 While you're configuring enterprise policies, to help you understand the impact of changing each policy, you can view the current configurations for the organizations owned by your enterprise.
 
+{% data reusables.enterprise.repo-policy-rules-alternative %}
+
+For a full list of repository management policies, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+
 {% ifversion ghes %}
 Another way to enforce standards within your enterprise is to use pre-receive hooks, which are scripts that run on {% data variables.location.product_location %} to implement quality checks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks)."
 {% endif %}

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -48,7 +48,11 @@ shortTitle: Repository management policies
 
 ## About policies for repository management in your enterprise
 
-You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories)" and "[AUTOTITLE](/organizations)."
+You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management.
+
+{% ifversion repo-policy-rules %}
+>[!NOTE] This page describes the policies you can set on the "Member privileges" page in your enterprise settings. Certain restrictions, such as who can create, delete, or transfer repositories, are also available in a **repository policy**. Repository policies give you more flexibility over which users are affected and which organizations and repositories are targeted. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+{% endif %}
 
 {% ifversion ghes %}
 
@@ -197,7 +201,8 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
-1. On the **Repository policies** tab, under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
+{% data reusables.enterprise-accounts.repositories-tab %}
+1. Under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Repository issue deletion", select the dropdown menu and click a policy.
 
 {% ifversion ghes %}

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md

@@ -0,0 +1,76 @@
+---
+title: Governing how people use repositories in your enterprise
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Enterprise owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Enterprise
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **organization owner**, you can create a repository policy for a specific organization. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+First, you'll target organizations in your enterprise. You can select all organizations, choose from a list, or create a dynamic rule using `fnmatch` syntax. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+Then, you'll target repositories in the selected organizations. {% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+* They're visible to organization owners, so there is more transparency around what is permitted.
+* They allow you to target repositories owned by {% data variables.product.prodname_emus %}.
+
+## Creating a repository policy
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. Organization owners can view the policy, so good names help add clarity. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which organizations and repositories the policy applies to.
+
+#### Target organizations
+
+Select all organizations, choose a selection of existing organizations, or set a dynamic list by name. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+If you set a dynamic list, you'll add one or more naming patterns using `fnmatch` syntax. For example, the string `*open-source` would match any organization with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+
+#### Target repositories
+
+Choose which repositories (current or future) to target in the selected organizations. You can select all repositories or set a dynamic list by custom property.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}
+
+## Further reading
+
+To set additional policies for repository management, see "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md

@@ -11,8 +11,10 @@ versions:
 topics:
   - Enterprise
 children:
+  - /governing-how-people-use-repositories-in-your-enterprise
   - /viewing-user-owned-repositories-in-your-enterprise
   - /accessing-user-owned-repositories-in-your-enterprise
+  - /managing-custom-properties-for-repositories-in-your-enterprise
   - /configuring-git-large-file-storage-for-your-enterprise
   - /disabling-git-ssh-access-on-your-enterprise
   - /locking-a-repository

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md

@@ -0,0 +1,44 @@
+---
+title: Managing custom properties for repositories in your enterprise
+intro: 'Create custom properties to give organizations a consistent way to categorize repositories.'
+permissions: Enterprise owners
+versions:
+  ghec: '*'
+topics:
+  - Repositories
+shortTitle: Custom properties
+---
+
+> [!NOTE] Custom properties for your enterprise are in {% data variables.release-phases.public_preview %} and subject to change.
+
+Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository. An enterprise can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
+Defining custom properties at the enterprise level allows you to create consistent values that users can apply to repositories. With custom properties in place, you can apply consistent governance across repositories in your enterprise by creating a ruleset or repository policy targeting repositories with certain properties. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Allowed characters
+
+{% data reusables.repositories.custom-property-allowed-characters %}
+
+## Who can set and view values for custom properties I define?
+
+After you define a custom property, users can set a value for that property in repositories in the enterprise. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#setting-values-for-repositories-in-your-organization)."
+
+* As an enterprise owner, you can set a default value for required properties.
+* Organization owners can set values in their organization, either across repositories or at the repository level.
+* If enabled, people with repository access, or the `custom properties` fine-grained permission, can set and update the property value for their repository.
+
+People with read permissions to a repository can view the custom property values for that repository.
+
+Additionally, organization owners can search for repositories in their organization by custom property values. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#searching-and-filtering-repositories-by-custom-property-values)."
+
+## Adding custom properties
+
+You can add custom properties to your enterprise to make those properties available in all of your orgaizations.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. In the left sidebar, under "Policies", click **Custom properties**.
+1. To add a new custom property, in the upper-right corner, click **New property**.
+1. Enter a name, description, and type for the custom property. The name must be unique across all of your organizations, and cannot contain spaces.
+1. Optionally, select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level `custom properties` fine-grained permission will be able to set and update the property value for their repository. Additionally, any actor creating a repository can set the property on the repository.
+1. Optionally, select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your enterprise have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
+1. Click **Save property**.

content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md

@@ -0,0 +1,64 @@
+---
+title: Governing how people use repositories in your organization
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Organization owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **enterprise owner**, you can create a repository policy that applies to multiple organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+{% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+As an alternative to custom properties, you can choose from a list of repositories or use `fnmatch` syntax to target repositories with certain naming patterns.
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+
+## Creating a repository policy
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. On the left side of the page, in the sidebar, click **{% octicon "law" aria-hidden="true" %} Policies**.
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which repositories in the organization the policy applies to. You can select all repositories, choose a selection of existing repositories, or create a dynamic rule by name or custom property for current and future repositories.
+
+If you set a dynamic list by name, you'll add one or more naming patterns using `fnmatch` syntax.
+* For example, the string `*open-source` would match any repository with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+* Optionally, you can prevent anyone outside the allow list from renaming the selected repositories. Alternatively, you can control the format of names in the "Policies" section.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}

content/organizations/managing-organization-settings/index.md

@@ -16,6 +16,7 @@ children:
   - /verifying-or-approving-a-domain-for-your-organization
   - /renaming-an-organization
   - /transferring-organization-ownership
+  - /governing-how-people-use-repositories-in-your-organization
   - /restricting-repository-creation-in-your-organization
   - /setting-permissions-for-deleting-or-transferring-repositories
   - /restricting-repository-visibility-changes-in-your-organization

content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md

@@ -13,16 +13,19 @@ shortTitle: Custom properties
 
 Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository.
 
+An organization can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
 {% ifversion ghec or ghes %}
 You can use repository properties to determine which repositories to target with a ruleset. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#targeting-repositories-by-properties-in-your-organization)."
 {% endif %}
 
+{% ifversion ghec %}
+You can define custom properties at the enterprise level to create a consistent experience across organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise)".
+{% endif %}
+
 ## Allowed characters
 
-Custom property names and values may only contain certain characters:
-
-* Names: `a-z`, `A-Z`, `0-9`, `_`, `-`, `$`, `#`.
-* Values: All printable ASCII characters except `"`.
+{% data reusables.repositories.custom-property-allowed-characters %}
 
 ## Adding custom properties
 

content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md

@@ -14,6 +14,12 @@ topics:
 shortTitle: Restrict repository creation
 ---
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
 You can choose whether members and {% data variables.product.prodname_github_apps %} can create repositories in your organization. {% ifversion ghec or ghes %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose which types of repositories they can create.{% elsif fpt %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose whether they can create both public and private repositories or public repositories only.{% endif %} Organization owners can always create any type of repository.
 
 {% ifversion fpt %}
@@ -42,3 +48,11 @@ Organization owners can restrict the type of repositories members can create to
    {%- endif %}
 
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+{% data reusables.enterprise.repo-policy-rules-more-flexible %}
+
+{% endif %}

content/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization.md

@@ -17,10 +17,16 @@ permissions: Organization owners can restrict repository visibility changes for
 
 You can restrict who has the ability to change the visibility of repositories in your organization, such as changing a repository from private to public. For more information about repository visibility, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
 
-You can restrict the ability to change repository visibility to organization owners only, or you can allow anyone with admin access to a repository to change visibility.
-
 Restricting who has the ability to change the visibility of repositories in your organization helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
+You can restrict the ability to change repository visibility to organization owners only, or you can allow anyone with admin access to a repository to change visibility.
+
 > [!WARNING]
 > If this setting is enabled, individuals or {% data variables.product.prodname_github_apps %} with admin access can _modify_ the visibility of an existing repository even if the ability to _create_ a repository with that specific visibility has been disabled. For more information about restricting the visibility of repositories during creation, see "[AUTOTITLE](/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)."
 
@@ -29,3 +35,11 @@ Restricting who has the ability to change the visibility of repositories in your
 {% data reusables.organizations.member-privileges %}
 1. Under "Repository visibility change", deselect **Allow members to change repository visibilities for this organization**.
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+{% data reusables.enterprise.repo-policy-rules-more-flexible %}
+
+{% endif %}

content/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories.md

@@ -19,8 +19,22 @@ Owners can set permissions for deleting or transferring repositories in an organ
 
 Limiting the ability to delete or transfer repositories helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.member-privileges %}
 1. Under "Repository deletion and transfer", select or deselect **Allow members to delete or transfer repositories for this organization**.
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+You can create a repository policy to govern who can delete or transfer repositories in your organization. Compared to "member privilege" policies, repository policies give you more flexibility over which users the policies apply to and which repositories are targeted. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
+
+{% endif %}

content/repositories/creating-and-managing-repositories/deleting-a-repository.md

@@ -14,7 +14,8 @@ versions:
 topics:
   - Repositories
 ---
-{% data reusables.organizations.owners-and-admins-can %} delete an organization repository. If **Allow members to delete or transfer repositories for this organization** has been disabled, only organization owners can delete organization repositories. {% data reusables.organizations.new-repo-permissions-more-info %}
+
+{% data reusables.organizations.owners-and-admins-can %} delete an organization repository, and these users may be prevented from deleting a repository by an organization or enterprise policy. {% data reusables.organizations.new-repo-permissions-more-info %}
 
 Deleting a public repository will not delete any forks of the repository.
 

content/repositories/creating-and-managing-repositories/transferring-a-repository.md

@@ -74,7 +74,7 @@ See "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositor
 
 ### Repository transfers and organizations
 
-To transfer repositories to an organization, you must have repository creation permissions in the receiving organization. If organization owners have disabled repository creation by organization members, only organization owners can transfer repositories out of or into the organization.
+To transfer repositories to an organization, you must have permission to create repositories in the receiving organization, and to transfer repositories out of the origin organization. An organization or enterprise owner may have set a policy that prevents certain users from doing these things.
 
 Once a repository is transferred to an organization, the organization's default repository permission settings and default membership privileges will apply to the transferred repository.
 

data/features/repo-policy-rules.yml

@@ -0,0 +1,5 @@
+# Repository policy rules (public preview)
+# Ref: 15306
+
+versions:
+  ghec: '*'

data/reusables/enterprise-accounts/repositories-tab.md

@@ -1 +1 @@
-1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **Member privileges**.
+1. Under "{% octicon "law" aria-hidden="true" %} Policies", click {% ifversion ghes < 3.16 %}**Repositories**{% else %}**Member privileges**{% endif %}.

data/reusables/enterprise/repo-policy-rules-allow-list.md

@@ -0,0 +1 @@
+Choose which roles and teams can **bypass** the restrictions in this policy.

data/reusables/enterprise/repo-policy-rules-alternative.md

@@ -0,0 +1,3 @@
+{% ifversion repo-policy-rules %}
+We recommend creating a **repository policy** to govern the lifecycle of repositories in your enterprise, such as who can create or delete repositories. Repository policies give you flexibility over which users are affected and which organizations and repositories are targeted. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+{% endif %}

data/reusables/enterprise/repo-policy-rules-enforcement.md

@@ -0,0 +1 @@
+If you don't want the policy to be enforced when it's created, set to "Disabled". Otherwise, set to "Active".

data/reusables/enterprise/repo-policy-rules-examples.md

@@ -0,0 +1,6 @@
+You can use a repository policy to do things like:
+
+* Ensure all new repositories use a certain naming convention, such as `kebab-case`.
+* Prevent repository deletions except by organization admins.
+* Allow public repositories to be created only in the "open source" organization in your enterprise.
+* Prevent public repositories from being changed to private to avoid potential loss of metadata.

data/reusables/enterprise/repo-policy-rules-intro.md

@@ -0,0 +1,9 @@
+To govern key events in the lifecycle of your repositories, such as who can create or delete repositories, you can create a repository policy. A repository policy is a collection of restrictions that gives you flexible control over which users are affected and which repositories are targeted.
+
+In a repository policy, you can restrict:
+
+* Which **visibilities** are permitted for new repositories and visibility changes.
+* Who can **create** repositories.
+* Who can **delete** repositories.
+* Who can **transfer** repositories out of an organization.
+* How people can **name** repositories.

data/reusables/enterprise/repo-policy-rules-more-flexible.md

@@ -0,0 +1 @@
+You can create a repository policy to govern who can create repositories in your organization, how new repositories must be named, and which visibilities are available. Compared to "member privilege" policies, repository policies give you more flexibility over which users are affected and which repositories are targeted. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."

data/reusables/enterprise/repo-policy-rules-policies-section.md

@@ -0,0 +1,5 @@
+Choose which restrictions are included. When the policy is active, the restrictions apply across all targeted repositories, but can be bypassed by users or teams on the allow list.
+
+If you choose the "Restrict names" policy, you must use **regular expression** syntax to set a pattern that repository names must or must not match. For example, a pattern to enforce `kebab-case` naming would look like `^([a-z][a-z0-9]*)(-[a-z0-9]+)*$`.
+* Patterns support RE2 syntax. See Google's [syntax guide](https://github.com/google/re2/wiki/Syntax).
+* To validate your expressions, click **Test pattern**, then enter a pattern and test value.

data/reusables/enterprise/repo-policy-rules-preview.md

@@ -0,0 +1 @@
+>[!NOTE] Repository policies are currently in {% data variables.release-phases.public_preview %} and subject to change.

data/reusables/enterprise/repo-policy-rules-with-custom-properties.md

@@ -0,0 +1,5 @@
+We recommend using repository policies alongside **custom repository properties**. By adding custom properties to repositories, you will be able to flexibly target those repositories in a policy.
+
+For example, you can add a property to mark repositories that contain production data or other sensitive information, then prevent anyone from making those repositories public.
+
+To create and set custom properties, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)."

data/reusables/enterprise/repo-policy-rules-with-existing-policies.md

@@ -0,0 +1,8 @@
+Some of the available restrictions are duplicates of policies you may have set on the "Member privileges" page in your organization or enterprise settings.
+
+Creating a repository policy does **not** override your existing "member privilege" policies. Instead, the policies are additive, so that the most restrictive version of a policy applies. This applies both to **member privilege policies** and to other **repository policies** that people have created at the enterprise or organization level.
+
+Compared to member privilege policies, repository policies have several advantages:
+
+* They offer more flexible targeting of organizations and repositories.
+* They allow you to give certain actors the option to bypass the policies.

data/reusables/repositories/custom-property-allowed-characters.md

@@ -0,0 +1,4 @@
+Custom property names and values may only contain certain characters:
+
+* Names: `a-z`, `A-Z`, `0-9`, `_`, `-`, `$`, `#`.
+* Values: All printable ASCII characters except `"`.