Is it possible for a workflow to have a safe write access to other public GitHub repositories?

I have a GitHub repository blog in which I have a workflow publish which tries to automatically publish the blog on push events. However, the blog repositories is a meta one which contains several sub blogs each of which correspond to a GitHub repository (home/en/cn/misc) with gh-pages support. I wonder is there any way to grant the workflow publish safe write access to the repositories home/en/cn/misc. By safe I mean other people won’t be able to gain write access to my GitHub repositories home/en/cn/misc.

@dclong,

By default, the outside users only have the read access in your public repositories. For the members in your organization repositories, you also can limit their access via the roles. Roles are not applied to user repositories.
roles

In addition, you also can set “Branch protection rules” to prevent other users from directly pushing commits on the branches in your repository. More details, you can see: