Catch Permission Drift Before It Becomes a Problem
Every day at 9am, Notis checks if your team's GitHub access matches your expectations. Permission surprises get flagged immediately.
Trigger
Recurring schedule
Notis starts this workflow on a schedule, such as daily, weekly, or during business hours.
Action
Check team permissions for a repository
Checks a team's permissions for a specific repository within an organization, including permissions inherited from parent teams.
Why this helps
You assume your team has the right repository access, but drift happens gradually. Someone gets promoted, permissions don't update. A contractor's access stays active too long. You only notice during emergency incident or when someone can't access what they need.
- Catch permission drift early—before it causes an outage or security issue
- Spend less time manually auditing access levels
- Proactively align team access with your actual organizational structure
Setup
Build it in a few focused steps.
- 1Connect GitHub to Notis.
- 2Create an automation: 'Every day at 9am, check if our key GitHub teams have the expected repository access. Report any mismatches.'
- 3Give Notis a list of teams and the repositories they should have access to (e.g., 'Frontend team should have push access to repos: dashboard, ui-lib, marketing-site').
- 4Choose a Slack channel where Notis will send the audit report each morning.
- 5Test by running the audit manually once to see the baseline report.
Questions about this workflow
What counts as a 'mismatch'?
A team has more access than expected (e.g., admin instead of push), has less access (can't push when they should), or is missing access to a repo entirely.
Can I change the audit schedule?
Yes. You can run it daily, weekly, before releases, or whenever makes sense for your team's pace.
Does this also check individual user permissions?
The default focuses on team-level permissions, but Notis can also audit specific users if you need that visibility.
When this happens · Trigger
Do this · Action
Supported Triggers and Actions
Notis builds workflows that link Slack to GitHub. A trigger fires from one place; an action lands in another.
Slack triggers
GitHub actions
New Channel Created Trigger
Triggered when a new channel is created in Slack.
Accept a repository invitation
Accepts a pending repository invitation that has been issued to the authenticated user.
Channel Message Received
Triggered when a message is posted in a Slack channel (public, private, or multi-party IM). Does NOT match direct messages.
List repositories starred by the authenticated user
Deprecated: lists repositories starred by the authenticated user, including star creation timestamps; use 'list repositories starred by the authenticated user' instead.
Direct Message Received
Triggered when a new direct message (DM) is sent to a user in Slack. Catches all DMs across all DM channels.
List stargazers
Deprecated: lists users who have starred a repository; use `list stargazers` instead.
Message Reaction Added
Triggered when a reaction is added to a message in Slack. Supports optional filtering by channel and emoji name.
Star a repository for the authenticated user
Deprecated: stars a repository for the authenticated user; use `star a repository for the authenticated user` instead.
Message Reaction Removed
Triggered when a reaction is removed from a message in Slack. Supports optional filtering by channel and emoji name.
Add email for auth user
Adds one or more email addresses (which will be initially unverified) to the authenticated user's github account; use this to associate new emails, noting an email verified for another account will error, while an existing email for the current user is accepted.
Reaction Added Trigger
DEPRECATED: use `SLACK_MESSAGE_REACTION_ADDED` instead. Triggered when a reaction is added to a message in Slack.
Add app access restrictions
Replaces github app access restrictions for an existing protected branch; requires a json array of app slugs in the request body, where apps must be installed and have 'contents' write permissions.
Reaction Removed Trigger
DEPRECATED: use `SLACK_MESSAGE_REACTION_REMOVED` instead. Triggered when a reaction is removed from a message.
Add a repository collaborator
Adds a github user as a repository collaborator, or updates their permission if already a collaborator; `permission` applies to organization-owned repositories (personal ones default to 'push' and ignore this field), and an invitation may be created or permissions updated directly.
New Bot Message Received Trigger
DEPRECATED: use `SLACK_CHANNEL_MESSAGE_RECEIVED` with `is_bot_message=true` instead. Triggered when a new bot message is posted to a Slack channel.
Add a repository to an app installation
Adds a repository to a github app installation, granting the app access; requires authenticated user to have admin rights for the repository and access to the installation.
Connect any two apps with Notis in the middle.
Not just Slack and GitHub. Any combination from 985+ integrations.
When this happens · Trigger
Do this · Action
Save your first hour today.
7 days free trial with 20$ free usage included.
No card. Works with personal or business GitHub.
