Branches within repositories that belong to organizations can be configured so that only certain users or teams can push to the branch.

Note: Organization owners and users with admin permissions for a repository are always able to push to a protected branch.

When you enable branch restrictions, only people or teams that have been given permission can push to the protected branch. You can view and edit the users or teams with push access to a protected branch in the protected branch's settings.

Restricted branch permissions.

Note: If the "Include administrators" is checked and you've enabled required status checks on the branch and they fail, any attempt to push changes to the base branch will also fail, regardless of a user or team's permission status.

Further reading