docs/content/github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account.md

title	intro	product	redirect_from	miniTocMaxHeadingLevel	versions	topics
Enforcing GitHub Actions policies in your enterprise account	Enterprise owners can disable, enable, and limit {% data variables.product.prodname_actions %} for an enterprise account.	{% data reusables.gated-features.enterprise-accounts %}	[/github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account /github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account]	4	[{free-pro-team *}]	[Enterprise]

About {% data variables.product.prodname_actions %} permissions for your enterprise account

By default, {% data variables.product.prodname_actions %} is enabled in all organizations owned by an enterprise account. You can choose to disable {% data variables.product.prodname_actions %} for all organizations owned by an enterprise account, or only allow specified organizations. You can also limit the use of public actions, so that people can only use local actions that exist in your organization.

For more information about {% data variables.product.prodname_actions %}, see "About {% data variables.product.prodname_actions %}."

Managing {% data variables.product.prodname_actions %} permissions for your enterprise account

You can disable all workflows for an enterprise or set a policy that configures which actions can be used in an organization.

{% data reusables.actions.actions-use-policy-settings %}

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %} {% data reusables.actions.enterprise-actions-permissions %}

1. Click Save.

Allowing specific actions to run

{% data reusables.actions.allow-specific-actions-intro %}

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %}

1. Under Policies, select Allow select actions and add your required actions to the list.

Enabling workflows for private repository forks

{% data reusables.github-actions.private-repository-forks-overview %}

Configuring the private fork policy for your enterprise account

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %} {% data reusables.github-actions.private-repository-forks-configure %}

Setting the permissions of the GITHUB_TOKEN for your enterprise

{% data reusables.github-actions.workflow-permissions-intro %}

You can set the default permissions for the GITHUB_TOKEN in the settings for your enterprise, organizations, or repositories. If you choose the restricted option as the default in your enterprise settings, this prevents the more permissive setting being chosen in the organization or repository settings.

{% data reusables.github-actions.workflow-permissions-modifying %}

Configuring the default GITHUB_TOKEN permissions

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %}

1. Under Workflow permissions, choose whether you want the GITHUB_TOKEN to have read and write access for all scopes, or just read access for the contents scope.
2. Click Save to apply the settings.