When you create a GitHub App, you can select the permissions it needs to access end user data. Permissions can also be added and removed. For more information, see "Editing a GitHub App's permissions."
Metadata permissions
By default, GitHub Apps have Read-only access to metadata endpoints. Metadata is a collection of read-only endpoints that provide general information about resources that the authorized installation can access.
If you set the metadata permission to No access and select a permission that requires repository access, GitHub will override your selection and set the metadata permission back to Read-only. To set the metadata permission to No access, you must set all permissions that require repository access to No access first. For a list of metadata endpoints, see "Metadata permissions."