`Triage` role in GitHub doesn't have all necessary permission

[aravindvnair99]

I'm guessing @expressjs/triagers have Triage access right now based on what I have observed as per article 1 linked below. Can't state for sure as I'm not having admin rights to view that.

I'm however opening this issue so that we can track our feature request to @github to have Triage role updated to include the ability to lock issues and pull requests which currently only Write has access to as per article 2 linked below. If we had this feature, it would have been very useful such as in the case of the recent spam PRs where triagers could only close PRs, but not lock it.

As next step, @wesleytodd is following up with GitHub on this and will post further updates.

Slack thread of interaction of us - https://openjs-foundation.slack.com/archives/C02QB1731FH/p1708350029783549?thread_ts=1707773056.214539&cid=C02QB1731FH

References:

• https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization
• https://docs.github.com/en/communities/moderating-comments-and-conversations/locking-conversations

[aravindvnair99]

Interestingly, I see Lock and unlock discussions allowed for Triage as per 1st link. I'm wondering why GitHub didn't include issues and pull requests as well for locking and limit it to Write. But let's wait to hear back from GitHub.

[wesleytodd]

I have sent this feedback onto the GitHub support email thread. Will post back if I hear from them. On the other parts about moderation improvements this was their response:

We agree that the interaction limits could use more nuance to be helpful. I don't believe there are any immediate plans for a refresh, but I'll definitely pass your suggestion on to the responsible product team.

We went ahead and removed a large amount of the PRs. If there are any we missed, or if the SPAM continues despite your efforts and the interaction limits, let us know and we can go through again.