Skip to main content

Controlling access to larger runners

You can use policies to limit access to larger runners that have been added to an organization or enterprise.

The larger runners feature is currently in beta for organizations and enterprises using the GitHub Team or GitHub Enterprise Cloud plans, and is subject to change. To request access to the beta, visit the sign up page.

About runner groups

Note: All organizations have a single default runner group. Only enterprise accounts and organizations owned by enterprise accounts can create and manage additional runner groups.

Runner groups are used to control access to runners. Organization admins can configure access policies that control which repositories in an organization have access to the runner group.

If you use GitHub Enterprise Cloud, you can create additional runner groups; enterprise admins can configure access policies that control which organizations in an enterprise have access to the runner group; and organization admins can assign additional granular repository access policies to the enterprise runner group. For more information, see the GitHub Enterprise Cloud documentation.

Changing the access policy of a runner group

Warning: We recommend that you only use larger runners with private repositories:

  • Forks of your repository can potentially run dangerous code on your larger runner by creating a pull request that executes the code in a workflow.
  • You could incur unexpected costs if you allow forked repositories to run jobs on your larger runners.

For runner groups in an enterprise, you can change what organizations in the enterprise can access a runner group. For runner groups in an organization, you can change what repositories in the organization can access a runner group.

Changing what organizations or repositories can access a runner group

  1. Navigate to the main page of the repository or organization where your runner groups are located.

  2. Click Settings.

  3. In the left sidebar, click Actions, then click Runner groups.

  4. In the list of groups, click the runner group you'd like to configure.

  5. For runner groups in an enterprise, under Organization access, modify what organizations can access the runner group. For runner groups in an organization, under Repository access, modify what repositories can access the runner group.

Changing the name of a runner group

  1. Navigate to the main page of the repository or organization where your runner groups are located.

  2. Click Settings.

  3. In the left sidebar, click Actions, then click Runner groups.

  4. In the list of groups, click the runner group you'd like to configure.

  5. Change the runner group name.