Let’s say a user joins an organization. Then, this user will have access to their private repos as well as the organization’s size.

When this user creates a PAT (personal access token), it can click the “Authorize” button to authorize the PAT to access the org’s repo.

If I am the org’s admin, can I limit this step and approve the authorization on a case-by-case basic?

Hi @jzhang-brex welcome to the community.

There is no authorize a token or SSH key for a specific repository at the moment, there is an authorize a token/SSH key for a SAML enabled organization.
There is no feature for an organization admin to further limit/approve a user authorizing their credential for access to the organization.

Additionally to this, while at this time we don’t have a way of scoping PATs to specific repository access, it is on our roadmap for future implementation along with some other PAT improvements if you’d like to follow progress there:

Setting org policies for PAT issuance is big deal.