Action permissions per self-hosted runner group?

GitHub Actions can be disabled or limited at the org level.

With the recent addition of self-hosted runner groups, it would be useful to also disable/limit them at the runner group level.

For instance, an organization might want to allow all actions in general, but only allow select actions for a certain self-hosted runner group which contains runners hosted in a particularly sensitive area with heightened security requirements (e.g. a physical data center).

Is there any way to achieve this?

We can only manage visibility/usage of runners Managing access to self-hosted runners using groups - GitHub Docs

Allowing “Actions” for a certain group isn’t currently possible.

Thanks for the feedback!