About code review limits
By default, in public repositories, any user can submit reviews that approve or request changes to a pull request.
You can limit which users are able to submit reviews that approve or request changes to pull requests in your public repository. When you enable code review limits, anyone can comment on pull requests in your public repository, but only people with read access or higher can approve pull requests or request changes.
You can also enable code review limits for an organization. If you enable limits for an organization, you will override any limits for individual repositories owned by the organization. For more information, see "Managing pull request reviews in your organization"
Enabling code review limits
On GitHub.com, navigate to the main page of the repository.
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
Under Access, click Moderation options.
Under Moderation options, click Code review limits.
Select or deselect Limit to users explicitly granted read or higher access.