Akash1134
diff --git a/‎assets/images/help/settings/actions-workflow-permissions-enterprise-with-default-restrictive.png
129 KB b/‎assets/images/help/settings/actions-workflow-permissions-enterprise-with-default-restrictive.png
129 KB
diff --git a/‎assets/images/help/settings/actions-workflow-permissions-organization-with-default-restrictive.png
128 KB b/‎assets/images/help/settings/actions-workflow-permissions-organization-with-default-restrictive.png
128 KB
diff --git a/‎assets/images/help/settings/actions-workflow-permissions-repository-with-default-restrictive.png
111 KB b/‎assets/images/help/settings/actions-workflow-permissions-repository-with-default-restrictive.png
111 KB
diff --git a/‎content/actions/security-guides/automatic-token-authentication.md
+2-2 b/‎content/actions/security-guides/automatic-token-authentication.md
+2-2
diff --git a/‎content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
+10-2 b/‎content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
+10-2
diff --git a/‎content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md
+13-8 b/‎content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md
+13-8
diff --git a/‎content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md
+10-3 b/‎content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md
+10-3
@@ -56,7 +56,7 @@ jobs:
   create_issue:
     runs-on: ubuntu-latest
     permissions:
-      issues: write 
+      issues: write
     steps:
       - name: Create issue using REST API
         run: |
@@ -86,7 +86,7 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
 | id-token      | none        | none | read |{% endif %}
 | issues        | read/write  | none | read |
 | metadata      | read        | read | read |
-| packages      | read/write  | none | read |
+| packages      | read/write  | {% ifversion actions-default-workflow-permissions-restrictive %}read{% else %}none{% endif %} | read |
 | pages         | read/write  | none | read |
 | pull-requests | read/write  | none | read |
 | repository-projects | read/write | none | read |
 
@@ -129,16 +129,20 @@ You can set the default permissions for the `GITHUB_TOKEN` in the settings for y
 ### Configuring the default `GITHUB_TOKEN` permissions
 
 {% ifversion actions-default-workflow-permissions-restrictive %}
-By default, when you create a new enterprise, `GITHUB_TOKEN` only has read access for the `contents` scope.
+By default, when you create a new enterprise, `GITHUB_TOKEN` only has read access for the `contents` and `packages` scopes.
 {% endif %}
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
-1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope.
+1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` scopes{% else %}scope{% endif %}.
 
    {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
+      {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this enterprise](/assets/images/help/settings/actions-workflow-permissions-enterprise-with-default-restrictive.png)
+      {% else %}
    ![Set GITHUB_TOKEN permissions for this enterprise](/assets/images/help/settings/actions-workflow-permissions-enterprise-with-pr-approval.png)
+      {% endif %}
    {% else %}
    ![Set GITHUB_TOKEN permissions for this enterprise](/assets/images/help/settings/actions-workflow-permissions-enterprise.png)
    {% endif %}
@@ -158,7 +162,11 @@ By default, when you create a new enterprise, workflows are not allowed to creat
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Under "Workflow permissions", use the **Allow GitHub Actions to create and approve pull requests** setting to configure whether `GITHUB_TOKEN` can create and approve pull requests.
 
+   {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this enterprise](/assets/images/help/settings/actions-workflow-permissions-enterprise-with-default-restrictive.png)
+   {% else %}
    ![Set GITHUB_TOKEN permissions for this enterprise](/assets/images/help/settings/actions-workflow-permissions-enterprise-with-pr-approval.png)
+   {% endif %}
 1. Click **Save** to apply the settings.
 
 {% endif %}
 
@@ -160,23 +160,27 @@ You can set the default permissions for the `GITHUB_TOKEN` in the settings for y
 ### Configuring the default `GITHUB_TOKEN` permissions
 
 {% ifversion actions-default-workflow-permissions-restrictive %}
-By default, when you create a new organization,{% ifversion ghec or ghes or ghae %} the setting is inherited from what is configured in the enterprise settings.{% else %} `GITHUB_TOKEN` only has read access for the `contents` scope.{% endif %}
+By default, when you create a new organization,{% ifversion ghec or ghes or ghae %} the setting is inherited from what is configured in the enterprise settings.{% else %} `GITHUB_TOKEN` only has read access for the `contents` and `packages` scopes.{% endif %}
 {% endif %}
 
 {% data reusables.profile.access_profile %}
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.settings-sidebar-actions-general %}
-1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope.
+1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` scopes{% else %}scope{% endif %}.
 
    {% ifversion allow-actions-to-approve-pr %}
       {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
+         {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-default-restrictive.png)
+         {% else %}
    ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-creation-approval.png)
+         {% endif %}
       {% else %}
    ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-approval.png)
       {% endif %}
    {% else %}
-   ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-approval.png)
+   ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization.png)
    {% endif %}
 1. Click **Save** to apply the settings.
 
@@ -193,15 +197,16 @@ By default, when you create a new organization, workflows are not allowed to {%
 {% data reusables.organizations.settings-sidebar-actions-general %}
 1. Under "Workflow permissions", use the **Allow GitHub Actions to {% ifversion allow-actions-to-approve-pr-with-ent-repo %}create and {% endif %}approve pull requests** setting to configure whether `GITHUB_TOKEN` can {% ifversion allow-actions-to-approve-pr-with-ent-repo %}create and {% endif %}approve pull requests.
 
-   {% ifversion allow-actions-to-approve-pr %}
-      {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
-   ![Set GITHUB_TOKEN pull request approval permission for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-creation-approval.png)
+   {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
+      {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-default-restrictive.png)
       {% else %}
-   ![Set GITHUB_TOKEN pull request approval permission for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-approval.png)
+   ![Set GITHUB_TOKEN pull request approval permission for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-creation-approval.png)
       {% endif %}
    {% else %}
-   ![Set GITHUB_TOKEN pull request approval permission for this organization](/assets/images/help/settings/actions-workflow-permissions-organization.png)
+   ![Set GITHUB_TOKEN pull request approval permission for this organization](/assets/images/help/settings/actions-workflow-permissions-organization-with-pr-approval.png)
    {% endif %}
+
 1. Click **Save** to apply the settings.
 
 {% endif %}
 
@@ -112,20 +112,23 @@ The default permissions can also be configured in the organization settings. If
 ### Configuring the default `GITHUB_TOKEN` permissions
 
 {% ifversion actions-default-workflow-permissions-restrictive %}
-By default, when you create a new repository in your personal account, `GITHUB_TOKEN` only has read access for the `contents` scope. If you create a new repository in an organization, the setting is inherited from what is configured in the organization settings.
+By default, when you create a new repository in your personal account, `GITHUB_TOKEN` only has read access for the `contents` and `packages` scopes. If you create a new repository in an organization, the setting is inherited from what is configured in the organization settings.
 {% endif %}
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.settings-sidebar-actions-general %}
-1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope.
+1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` scopes{% else %}scope{% endif %}.
 
    {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
+      {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this repository](/assets/images/help/settings/actions-workflow-permissions-repository-with-default-restrictive.png)
+      {% else %}
    ![Set GITHUB_TOKEN permissions for this repository](/assets/images/help/settings/actions-workflow-permissions-repository-with-pr-approval.png)
+      {% endif %}
    {% else %}
    ![Set GITHUB_TOKEN permissions for this repository](/assets/images/help/settings/actions-workflow-permissions-repository.png)
    {% endif %}
-
 1. Click **Save** to apply the settings.
 
 {% ifversion allow-actions-to-approve-pr-with-ent-repo %}
@@ -142,7 +145,11 @@ By default, when you create a new repository in your personal account, workflows
 {% data reusables.repositories.settings-sidebar-actions-general %}
 1. Under "Workflow permissions", use the **Allow GitHub Actions to create and approve pull requests** setting to configure whether `GITHUB_TOKEN` can create and approve pull requests.
 
+   {% ifversion actions-default-workflow-permissions-restrictive %}
+   ![Set GITHUB_TOKEN permissions for this repository](/assets/images/help/settings/actions-workflow-permissions-repository-with-default-restrictive.png)
+   {% else %}
    ![Set GITHUB_TOKEN permissions for this repository](/assets/images/help/settings/actions-workflow-permissions-repository-with-pr-approval.png)
+   {% endif %}
 1. Click **Save** to apply the settings.
 {% endif %}