From 45809c8f5479e167ac79221c7480b2d7b94ff03d Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Sat, 21 Mar 2026 23:39:47 +0100
Subject: [PATCH] feat: Add configurable permissions for Actions automatic
 tokens (#36173)

## Overview

This PR introduces granular permission controls for Gitea Actions tokens
(`GITEA_TOKEN`), aligning Gitea's security model with GitHub Actions
standards while maintaining compatibility with Gitea's unique repository
unit system.

It addresses the need for finer access control by allowing
administrators and repository owners to define default token
permissions, set maximum permission ceilings, and control
cross-repository access within organizations.

## Key Features

### 1. Granular Token Permissions

- **Standard Keyword Support**: Implements support for the
`permissions:` keyword in workflow and job YAML files (e.g., `contents:
read`, `issues: write`).
- **Permission Modes**:
- **Permissive**: Default write access for most units (backwards
compatible).
- **Restricted**: Default read-only access for `contents` and
`packages`, with no access to other units.
- ~~**Custom**: Allows defining specific default levels for each unit
type (Code, Issues, PRs, Packages, etc.).~~**EDIT removed UI was
confusing**
- **Clamping Logic**: Workflow-defined permissions are automatically
"clamped" by repository or organization-level maximum settings.
Workflows cannot escalate their own permissions beyond these limits.

### 2. Organization & Repository Settings

- **Settings UI**: Added new settings pages at both Organization and
Repository levels to manage Actions token defaults and maximums.
- **Inheritance**: Repositories can be configured to "Follow
organization-level configuration," simplifying management across large
organizations.
- **Cross-Repository Access**: Added a policy to control whether Actions
workflows can access other repositories or packages within the same
organization. This can be set to "None," "All," or restricted to a
"Selected" list of repositories.

### 3. Security Hardening

- **Fork Pull Request Protection**: Tokens for workflows triggered by
pull requests from forks are strictly enforced as read-only, regardless
of repository settings.
- ~~**Package Access**: Actions tokens can now only access packages
explicitly linked to a repository, with cross-repo access governed by
the organization's security policy.~~ **EDIT removed
https://github.com/go-gitea/gitea/pull/36173#issuecomment-3873675346**
- **Git Hook Integration**: Propagates Actions Task IDs to git hooks to
ensure that pushes performed by Actions tokens respect the specific
permissions granted at runtime.

### 4. Technical Implementation

- **Permission Persistence**: Parsed permissions are calculated at job
creation and stored in the `action_run_job` table. This ensures the
token's authority is deterministic throughout the job's lifecycle.
- **Parsing Priority**: Implemented a priority system in the YAML parser
where the broad `contents` scope is applied first, allowing granular
scopes like `code` or `releases` to override it for precise control.
- **Re-runs**: Permissions are re-evaluated during a job re-run to
incorporate any changes made to repository settings in the interim.

### How to Test

1. **Unit Tests**: Run `go test ./services/actions/...` and `go test
./models/repo/...` to verify parsing logic and permission clamping.
2. **Integration Tests**: Comprehensive tests have been added to
`tests/integration/actions_job_token_test.go` covering:
   - Permissive vs. Restricted mode behavior.
   - YAML `permissions:` keyword evaluation.
   - Organization cross-repo access policies.
- Resource access (Git, API, and Packages) under various permission
configs.
3. **Manual Verification**:
   - Navigate to **Site/Org/Repo Settings -> Actions -> General**.
- Change "Default Token Permissions" and verify that newly triggered
workflows reflect these changes in their `GITEA_TOKEN` capabilities.
- Attempt a cross-repo API call from an Action and verify the Org policy
is enforced.

## Documentation

Added a PR in gitea's docs for this :
https://gitea.com/gitea/docs/pulls/318

## UI:

<img width="1366" height="619" alt="Screenshot 2026-01-24 174112"
src="https://github.com/user-attachments/assets/bfa29c9a-4ea5-4346-9410-16d491ef3d44"
/>

<img width="1360" height="621" alt="Screenshot 2026-01-24 174048"
src="https://github.com/user-attachments/assets/d5ec46c8-9a13-4874-a6a4-fb379936cef5"
/>

/fixes #24635
/claim #24635

---------

Signed-off-by: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Signed-off-by: ChristopherHX <christopher.homberger@web.de>
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
 cmd/hook.go                                   |   4 +-
 models/actions/config.go                      |  74 +++
 models/actions/run_job.go                     |   5 +
 models/actions/token_permissions.go           |  60 +++
 models/migrations/migrations.go               |   1 +
 models/migrations/v1_26/v328.go               |  16 +
 .../access/actions_repo_permission_test.go    | 155 ++++++
 models/perm/access/repo_permission.go         | 113 ++++-
 models/repo/pull_request_default_test.go      |   2 +-
 models/repo/repo_list.go                      |   8 +
 models/repo/repo_unit.go                      |  67 +--
 models/repo/repo_unit_actions.go              | 153 ++++++
 models/repo/repo_unit_test.go                 |  76 ++-
 models/user/setting.go                        |  43 ++
 models/user/setting_options.go                |   2 +
 modules/private/hook.go                       |   2 +-
 modules/repository/env.go                     |  70 +--
 modules/util/util.go                          |  15 +
 options/locale/locale_en-US.json              |  22 +-
 routers/private/hook_pre_receive.go           |  21 +-
 routers/web/admin/runners.go                  |  13 -
 routers/web/misc/misc.go                      |   6 +
 routers/web/org/setting/runners.go            |  12 -
 routers/web/repo/actions/view.go              |   2 +-
 routers/web/repo/githttp.go                   |  34 +-
 routers/web/repo/setting/actions.go           |  84 +++-
 routers/web/shared/actions/general.go         | 160 +++++++
 routers/web/shared/actions/runners.go         |   4 +-
 routers/web/user/setting/runner.go            |  13 -
 routers/web/web.go                            |  20 +-
 services/actions/permission_parser.go         | 141 ++++++
 services/actions/permission_parser_test.go    | 196 ++++++++
 services/actions/run.go                       |   6 +
 services/actions/token_permission_design.md   | 123 +++++
 services/actions/workflow.go                  |   2 +-
 services/doctor/fix16961.go                   |   2 +-
 services/pull/update_test.go                  |   2 +-
 services/repository/transfer.go               |  14 +
 templates/org/settings/actions_general.tmpl   |   5 +
 templates/org/settings/navbar.tmpl            |   5 +-
 templates/repo/settings/actions_general.tmpl  |  37 +-
 .../actions/owner_general_settings.tmpl       |  58 +++
 .../actions/permission_mode_select.tmpl       |  18 +
 .../shared/actions/permissions_table.tmpl     |  77 +++
 .../actions/permissions_table_unit.tmpl       |  24 +
 templates/user/settings/actions_general.tmpl  |   3 +
 templates/user/settings/navbar.tmpl           |   5 +-
 tests/integration/actions_job_token_test.go   | 453 +++++++++++++++---
 tests/integration/actions_runner_test.go      |   4 +-
 .../integration/api_issue_dependency_test.go  |   2 +-
 tests/integration/integration_test.go         |   8 +-
 tests/integration/pull_update_test.go         |   2 +-
 web_src/css/base.css                          |   6 +
 web_src/css/modules/list.css                  |   9 -
 .../js/features/common-actions-permissions.ts |  34 ++
 web_src/js/features/comp/SearchRepoBox.ts     |   7 +-
 web_src/js/index-domready.ts                  |   2 +
 57 files changed, 2203 insertions(+), 299 deletions(-)
 create mode 100644 models/actions/config.go
 create mode 100644 models/actions/token_permissions.go
 create mode 100644 models/migrations/v1_26/v328.go
 create mode 100644 models/perm/access/actions_repo_permission_test.go
 create mode 100644 models/repo/repo_unit_actions.go
 delete mode 100644 routers/web/admin/runners.go
 delete mode 100644 routers/web/org/setting/runners.go
 create mode 100644 routers/web/shared/actions/general.go
 delete mode 100644 routers/web/user/setting/runner.go
 create mode 100644 services/actions/permission_parser.go
 create mode 100644 services/actions/permission_parser_test.go
 create mode 100644 services/actions/token_permission_design.md
 create mode 100644 templates/org/settings/actions_general.tmpl
 create mode 100644 templates/shared/actions/owner_general_settings.tmpl
 create mode 100644 templates/shared/actions/permission_mode_select.tmpl
 create mode 100644 templates/shared/actions/permissions_table.tmpl
 create mode 100644 templates/shared/actions/permissions_table_unit.tmpl
 create mode 100644 templates/user/settings/actions_general.tmpl
 create mode 100644 web_src/js/features/common-actions-permissions.ts

diff --git a/cmd/hook.go b/cmd/hook.go
index 4f6492b0f05..a0280e283f7 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -194,7 +194,7 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
-	actionPerm, _ := strconv.Atoi(os.Getenv(repo_module.EnvActionPerm))
+	actionsTaskID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionsTaskID), 10, 64)
 
 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -204,7 +204,7 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
-		ActionPerm:                      actionPerm,
+		ActionsTaskID:                   actionsTaskID,
 		IsWiki:                          isWiki,
 	}
 
diff --git a/models/actions/config.go b/models/actions/config.go
new file mode 100644
index 00000000000..4f5357c5605
--- /dev/null
+++ b/models/actions/config.go
@@ -0,0 +1,74 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"context"
+
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/util"
+
+	"xorm.io/xorm/convert"
+)
+
+// OwnerActionsConfig defines the Actions configuration for a user or organization
+type OwnerActionsConfig struct {
+	// TokenPermissionMode defines the default permission mode (permissive, restricted)
+	TokenPermissionMode repo_model.ActionsTokenPermissionMode `json:"token_permission_mode,omitempty"`
+
+	// MaxTokenPermissions defines the absolute maximum permissions any token can have in this context.
+	MaxTokenPermissions *repo_model.ActionsTokenPermissions `json:"max_token_permissions,omitempty"`
+
+	// AllowedCrossRepoIDs is a list of specific repo IDs that can be accessed cross-repo
+	AllowedCrossRepoIDs []int64 `json:"allowed_cross_repo_ids,omitempty"`
+}
+
+var _ convert.ConversionFrom = (*OwnerActionsConfig)(nil)
+
+func (cfg *OwnerActionsConfig) FromDB(bytes []byte) error {
+	_ = json.Unmarshal(bytes, cfg)
+	cfg.TokenPermissionMode, _ = util.EnumValue(cfg.TokenPermissionMode)
+	return nil
+}
+
+// GetOwnerActionsConfig loads the OwnerActionsConfig for a user or organization from user settings
+// It returns a default config if no setting is found
+func GetOwnerActionsConfig(ctx context.Context, userID int64) (ret OwnerActionsConfig, err error) {
+	return user_model.GetUserSettingJSON(ctx, userID, user_model.SettingsKeyActionsConfig, ret)
+}
+
+// SetOwnerActionsConfig saves the OwnerActionsConfig for a user or organization to user settings
+func SetOwnerActionsConfig(ctx context.Context, userID int64, cfg OwnerActionsConfig) error {
+	return user_model.SetUserSettingJSON(ctx, userID, user_model.SettingsKeyActionsConfig, cfg)
+}
+
+// GetDefaultTokenPermissions returns the default token permissions by its TokenPermissionMode.
+func (cfg *OwnerActionsConfig) GetDefaultTokenPermissions() repo_model.ActionsTokenPermissions {
+	switch cfg.TokenPermissionMode {
+	case repo_model.ActionsTokenPermissionModeRestricted:
+		return repo_model.MakeRestrictedPermissions()
+	case repo_model.ActionsTokenPermissionModePermissive:
+		return repo_model.MakeActionsTokenPermissions(perm.AccessModeWrite)
+	default:
+		return repo_model.MakeActionsTokenPermissions(perm.AccessModeNone)
+	}
+}
+
+// GetMaxTokenPermissions returns the maximum allowed permissions
+func (cfg *OwnerActionsConfig) GetMaxTokenPermissions() repo_model.ActionsTokenPermissions {
+	if cfg.MaxTokenPermissions != nil {
+		return *cfg.MaxTokenPermissions
+	}
+	// Default max is write for everything
+	return repo_model.MakeActionsTokenPermissions(perm.AccessModeWrite)
+}
+
+// ClampPermissions ensures that the given permissions don't exceed the maximum
+func (cfg *OwnerActionsConfig) ClampPermissions(perms repo_model.ActionsTokenPermissions) repo_model.ActionsTokenPermissions {
+	maxPerms := cfg.GetMaxTokenPermissions()
+	return repo_model.ClampActionsTokenPermissions(perms, maxPerms)
+}
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index c752e61b7d7..616e298dc97 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -51,6 +51,11 @@ type ActionRunJob struct {
 	ConcurrencyGroup  string `xorm:"index(repo_concurrency) NOT NULL DEFAULT ''"` // evaluated concurrency.group
 	ConcurrencyCancel bool   `xorm:"NOT NULL DEFAULT FALSE"`                      // evaluated concurrency.cancel-in-progress
 
+	// TokenPermissions stores the explicit permissions from workflow/job YAML (no org/repo clamps applied).
+	// Org/repo clamps are enforced when the token is used at runtime.
+	// It is JSON-encoded repo_model.ActionsTokenPermissions and may be empty if not specified.
+	TokenPermissions *repo_model.ActionsTokenPermissions `xorm:"JSON TEXT"`
+
 	Started timeutil.TimeStamp
 	Stopped timeutil.TimeStamp
 	Created timeutil.TimeStamp `xorm:"created"`
diff --git a/models/actions/token_permissions.go b/models/actions/token_permissions.go
new file mode 100644
index 00000000000..985f6cc97be
--- /dev/null
+++ b/models/actions/token_permissions.go
@@ -0,0 +1,60 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"context"
+
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+)
+
+// ComputeTaskTokenPermissions computes the effective permissions for a job token against the target repository.
+// It uses the job's stored permissions (if any), then applies org/repo clamps and fork/cross-repo restrictions.
+// Note: target repository access policy checks are enforced in GetActionsUserRepoPermission; this function only computes the job token's effective permission ceiling.
+func ComputeTaskTokenPermissions(ctx context.Context, task *ActionTask, targetRepo *repo_model.Repository) (ret repo_model.ActionsTokenPermissions, err error) {
+	if err := task.LoadJob(ctx); err != nil {
+		return ret, err
+	}
+	if err := task.Job.LoadRepo(ctx); err != nil {
+		return ret, err
+	}
+	runRepo := task.Job.Repo
+
+	if err := runRepo.LoadOwner(ctx); err != nil {
+		return ret, err
+	}
+
+	repoActionsCfg := runRepo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+	ownerActionsCfg, err := GetOwnerActionsConfig(ctx, runRepo.OwnerID)
+	if err != nil {
+		return ret, err
+	}
+
+	var jobDeclaredPerms repo_model.ActionsTokenPermissions
+	if task.Job.TokenPermissions != nil {
+		jobDeclaredPerms = *task.Job.TokenPermissions
+	} else if repoActionsCfg.OverrideOwnerConfig {
+		jobDeclaredPerms = repoActionsCfg.GetDefaultTokenPermissions()
+	} else {
+		jobDeclaredPerms = ownerActionsCfg.GetDefaultTokenPermissions()
+	}
+
+	var effectivePerms repo_model.ActionsTokenPermissions
+	if repoActionsCfg.OverrideOwnerConfig {
+		effectivePerms = repoActionsCfg.ClampPermissions(jobDeclaredPerms)
+	} else {
+		effectivePerms = ownerActionsCfg.ClampPermissions(jobDeclaredPerms)
+	}
+
+	// Cross-repository access and fork pull requests are strictly read-only for security.
+	// This ensures a "task repo" cannot gain write access to other repositories via CrossRepoAccess settings.
+	isSameRepo := task.Job.RepoID == targetRepo.ID
+	restrictCrossRepoAccess := task.IsForkPullRequest || !isSameRepo
+	if restrictCrossRepoAccess {
+		effectivePerms = repo_model.ClampActionsTokenPermissions(effectivePerms, repo_model.MakeRestrictedPermissions())
+	}
+
+	return effectivePerms, nil
+}
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index c1d448577c6..dc5dc9f3308 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -402,6 +402,7 @@ func prepareMigrationTasks() []*migration {
 		newMigration(325, "Fix missed repo_id when migrate attachments", v1_26.FixMissedRepoIDWhenMigrateAttachments),
 		newMigration(326, "Migrate commit status target URL to use run ID and job ID", v1_26.FixCommitStatusTargetURLToUseRunAndJobID),
 		newMigration(327, "Add disabled state to action runners", v1_26.AddDisabledToActionRunner),
+		newMigration(328, "Add TokenPermissions column to ActionRunJob", v1_26.AddTokenPermissionsToActionRunJob),
 	}
 	return preparedMigrations
 }
diff --git a/models/migrations/v1_26/v328.go b/models/migrations/v1_26/v328.go
new file mode 100644
index 00000000000..81047305289
--- /dev/null
+++ b/models/migrations/v1_26/v328.go
@@ -0,0 +1,16 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_26
+
+import (
+	"xorm.io/xorm"
+)
+
+func AddTokenPermissionsToActionRunJob(x *xorm.Engine) error {
+	type ActionRunJob struct {
+		TokenPermissions string `xorm:"JSON TEXT"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ActionRunJob))
+	return err
+}
diff --git a/models/perm/access/actions_repo_permission_test.go b/models/perm/access/actions_repo_permission_test.go
new file mode 100644
index 00000000000..442f6cf2fc2
--- /dev/null
+++ b/models/perm/access/actions_repo_permission_test.go
@@ -0,0 +1,155 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package access
+
+import (
+	"testing"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/db"
+	perm_model "code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetActionsUserRepoPermission(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	ctx := t.Context()
+
+	// Use fixtures for repos and users
+	repo4 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})   // Public, Owner 5, has Actions unit
+	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})   // Private, Owner 2, no Actions unit in fixtures
+	repo15 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 15}) // Private, Owner 2, no Actions unit in fixtures
+	owner2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	actionsUser := user_model.NewActionsUser()
+
+	// Ensure repo2 and repo15 have Actions units for testing configuration
+	for _, r := range []*repo_model.Repository{repo2, repo15} {
+		require.NoError(t, db.Insert(ctx, &repo_model.RepoUnit{
+			RepoID: r.ID,
+			Type:   unit.TypeActions,
+			Config: &repo_model.ActionsConfig{},
+		}))
+	}
+
+	t.Run("SameRepo_Public", func(t *testing.T) {
+		task47 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
+		require.Equal(t, repo4.ID, task47.RepoID)
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo4, actionsUser, task47.ID)
+		require.NoError(t, err)
+
+		// Public repo, bot should have Read access even if not collaborator
+		assert.Equal(t, perm_model.AccessModeNone, perm.AccessMode)
+		assert.True(t, perm.CanRead(unit.TypeCode))
+	})
+
+	t.Run("SameRepo_Private", func(t *testing.T) {
+		// Use Task 53 which is already in Repo 2 (Private)
+		task53 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 53})
+		require.Equal(t, repo2.ID, task53.RepoID)
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo2, actionsUser, task53.ID)
+		require.NoError(t, err)
+
+		// Private repo, bot has no base access, but gets Write from effective tokens perms (Permissive by default)
+		assert.Equal(t, perm_model.AccessModeNone, perm.AccessMode)
+		assert.True(t, perm.CanWrite(unit.TypeCode))
+	})
+
+	t.Run("CrossRepo_Denied_None", func(t *testing.T) {
+		task53 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 53})
+
+		// Set owner policy to nil allowed repos (None)
+		cfg := actions_model.OwnerActionsConfig{}
+		require.NoError(t, actions_model.SetOwnerActionsConfig(ctx, owner2.ID, cfg))
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo15, actionsUser, task53.ID)
+		require.NoError(t, err)
+
+		// Should NOT have access to the private repo.
+		assert.False(t, perm.CanRead(unit.TypeCode))
+	})
+
+	t.Run("ForkPR_NoCrossRepo", func(t *testing.T) {
+		task53 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 53})
+		task53.IsForkPullRequest = true
+		require.NoError(t, actions_model.UpdateTask(ctx, task53, "is_fork_pull_request"))
+
+		// Policy contains repo15
+		cfg := actions_model.OwnerActionsConfig{
+			AllowedCrossRepoIDs: []int64{repo15.ID},
+		}
+		require.NoError(t, actions_model.SetOwnerActionsConfig(ctx, owner2.ID, cfg))
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo15, actionsUser, task53.ID)
+		require.NoError(t, err)
+
+		// Fork PR never gets cross-repo access to other private repos
+		assert.False(t, perm.CanRead(unit.TypeCode))
+	})
+
+	t.Run("Inheritance_And_Clamping", func(t *testing.T) {
+		task53 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 53})
+		task53.IsForkPullRequest = false
+		require.NoError(t, actions_model.UpdateTask(ctx, task53, "is_fork_pull_request"))
+
+		// Owner policy: Restricted mode (Read-only Code)
+		ownerCfg := actions_model.OwnerActionsConfig{
+			TokenPermissionMode: repo_model.ActionsTokenPermissionModeRestricted,
+			MaxTokenPermissions: &repo_model.ActionsTokenPermissions{
+				UnitAccessModes: map[unit.Type]perm_model.AccessMode{
+					unit.TypeCode: perm_model.AccessModeRead,
+				},
+			},
+		}
+		require.NoError(t, actions_model.SetOwnerActionsConfig(ctx, owner2.ID, ownerCfg))
+
+		// Repo policy: OverrideOwnerConfig = false (should inherit owner's restricted mode)
+		repo2ActionsUnit := repo2.MustGetUnit(ctx, unit.TypeActions)
+		repo2ActionsCfg := repo2ActionsUnit.ActionsConfig()
+		repo2ActionsCfg.OverrideOwnerConfig = false
+		require.NoError(t, repo_model.UpdateRepoUnitConfig(ctx, repo2ActionsUnit))
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo2, actionsUser, task53.ID)
+		require.NoError(t, err)
+
+		// Should be clamped to Read-only
+		assert.Equal(t, perm_model.AccessModeRead, perm.UnitAccessMode(unit.TypeCode))
+		assert.False(t, perm.CanWrite(unit.TypeCode))
+	})
+
+	t.Run("RepoOverride_Clamping", func(t *testing.T) {
+		task53 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 53})
+
+		// Owner policy: Permissive (Write access)
+		ownerCfg := actions_model.OwnerActionsConfig{
+			TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
+		}
+		require.NoError(t, actions_model.SetOwnerActionsConfig(ctx, owner2.ID, ownerCfg))
+
+		// Repo policy: OverrideOwnerConfig = true, MaxTokenPermissions = Read
+		repo2ActionsUnit := repo2.MustGetUnit(ctx, unit.TypeActions)
+		repo2ActionsCfg := repo2ActionsUnit.ActionsConfig()
+		repo2ActionsCfg.OverrideOwnerConfig = true
+		repo2ActionsCfg.TokenPermissionMode = repo_model.ActionsTokenPermissionModeRestricted
+		repo2ActionsCfg.MaxTokenPermissions = &repo_model.ActionsTokenPermissions{
+			UnitAccessModes: map[unit.Type]perm_model.AccessMode{
+				unit.TypeCode: perm_model.AccessModeRead,
+			},
+		}
+		require.NoError(t, repo_model.UpdateRepoUnitConfig(ctx, repo2ActionsUnit))
+
+		perm, err := GetActionsUserRepoPermission(ctx, repo2, actionsUser, task53.ID)
+		require.NoError(t, err)
+
+		// Should be clamped to Read-only
+		assert.Equal(t, perm_model.AccessModeRead, perm.UnitAccessMode(unit.TypeCode))
+	})
+}
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 3235d83203c..622fa5d99ab 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"maps"
 	"slices"
 	"strings"
 
@@ -258,6 +259,23 @@ func finalProcessRepoUnitPermission(user *user_model.User, perm *Permission) {
 	}
 }
 
+func checkSameOwnerCrossRepoAccess(ctx context.Context, taskRepo, targetRepo *repo_model.Repository, isForkPR bool) bool {
+	if isForkPR {
+		// Fork PRs are never allowed cross-repo access to other private repositories of the owner.
+		return false
+	}
+	if taskRepo.OwnerID != targetRepo.OwnerID {
+		return false
+	}
+	ownerCfg, err := actions_model.GetOwnerActionsConfig(ctx, targetRepo.OwnerID)
+	if err != nil {
+		log.Error("GetOwnerActionsConfig: %v", err)
+		return false
+	}
+
+	return slices.Contains(ownerCfg.AllowedCrossRepoIDs, targetRepo.ID)
+}
+
 // GetActionsUserRepoPermission returns the actions user permissions to the repository
 func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Repository, actionsUser *user_model.User, taskID int64) (perm Permission, err error) {
 	if actionsUser.ID != user_model.ActionsUserID {
@@ -268,37 +286,96 @@ func GetActionsUserRepoPermission(ctx context.Context, repo *repo_model.Reposito
 		return perm, err
 	}
 
-	var accessMode perm_model.AccessMode
+	if err := task.LoadJob(ctx); err != nil {
+		return perm, err
+	}
+
+	var taskRepo *repo_model.Repository
 	if task.RepoID != repo.ID {
-		taskRepo, exist, err := db.GetByID[repo_model.Repository](ctx, task.RepoID)
-		if err != nil || !exist {
+		if err := task.Job.LoadRepo(ctx); err != nil {
 			return perm, err
 		}
-		actionsCfg := repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
-		if !actionsCfg.IsCollaborativeOwner(taskRepo.OwnerID) || !taskRepo.IsPrivate {
-			// The task repo can access the current repo only if the task repo is private and
-			// the owner of the task repo is a collaborative owner of the current repo.
-			// FIXME should owner's visibility also be considered here?
+		taskRepo = task.Job.Repo
+	} else {
+		taskRepo = repo
+	}
 
-			// check permission like simple user but limit to read-only
-			perm, err = GetUserRepoPermission(ctx, repo, user_model.NewActionsUser())
+	// Compute effective permissions for this task against the target repo
+	effectivePerms, err := actions_model.ComputeTaskTokenPermissions(ctx, task, repo)
+	if err != nil {
+		return perm, err
+	}
+	if task.RepoID != repo.ID {
+		// Cross-repo access must also respect the target repo's permission ceiling.
+		targetRepoActionsCfg := repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+		if targetRepoActionsCfg.OverrideOwnerConfig {
+			effectivePerms = targetRepoActionsCfg.ClampPermissions(effectivePerms)
+		} else {
+			targetRepoOwnerActionsCfg, err := actions_model.GetOwnerActionsConfig(ctx, repo.OwnerID)
 			if err != nil {
 				return perm, err
 			}
-			perm.AccessMode = min(perm.AccessMode, perm_model.AccessModeRead)
-			return perm, nil
+			effectivePerms = targetRepoOwnerActionsCfg.ClampPermissions(effectivePerms)
 		}
-		accessMode = perm_model.AccessModeRead
-	} else if task.IsForkPullRequest {
-		accessMode = perm_model.AccessModeRead
-	} else {
-		accessMode = perm_model.AccessModeWrite
 	}
 
 	if err := repo.LoadUnits(ctx); err != nil {
 		return perm, err
 	}
-	perm.SetUnitsWithDefaultAccessMode(repo.Units, accessMode)
+
+	var maxPerm Permission
+
+	// Set up per-unit access modes based on configured permissions
+	maxPerm.units = repo.Units
+	maxPerm.unitsMode = maps.Clone(effectivePerms.UnitAccessModes)
+
+	// Check permission like simple user but limit to read-only (PR #36095)
+	// Enhanced to also grant read-only access if isSameRepo is true and target repository is public
+	botPerm, err := GetUserRepoPermission(ctx, repo, user_model.NewActionsUser())
+	if err != nil {
+		return perm, err
+	}
+	if botPerm.AccessMode >= perm_model.AccessModeRead {
+		// Public repo allows read access, increase permissions to at least read
+		// Otherwise you cannot access your own repository if your permissions are set to none but the repository is public
+		for _, u := range repo.Units {
+			if botPerm.CanRead(u.Type) {
+				maxPerm.unitsMode[u.Type] = max(maxPerm.unitsMode[u.Type], perm_model.AccessModeRead)
+			}
+		}
+	}
+
+	if task.RepoID == repo.ID {
+		return maxPerm, nil
+	}
+
+	if checkSameOwnerCrossRepoAccess(ctx, taskRepo, repo, task.IsForkPullRequest) {
+		// Access allowed by owner policy (grants access to private repos).
+		// Note: maxPerm has already been restricted to Read-Only in ComputeTaskTokenPermissions
+		// because isSameRepo is false.
+		return maxPerm, nil
+	}
+
+	// Fall through to allow public repository read access via botPerm check below
+
+	// Check if the repo is public or the Bot has explicit access
+	if botPerm.AccessMode >= perm_model.AccessModeRead {
+		return maxPerm, nil
+	}
+
+	// Check Collaborative Owner and explicit Bot permissions
+	// We allow access if:
+	// 1. It's a collaborative owner relationship
+	// 2. The Actions Bot user has been explicitly granted access and repository is private
+	// 3. The repository is public (handled by botPerm above)
+
+	if taskRepo.IsPrivate {
+		actionsUnit := repo.MustGetUnit(ctx, unit.TypeActions)
+		if actionsUnit.ActionsConfig().IsCollaborativeOwner(taskRepo.OwnerID) {
+			return maxPerm, nil
+		}
+	}
+
 	return perm, nil
 }
 
diff --git a/models/repo/pull_request_default_test.go b/models/repo/pull_request_default_test.go
index 1c4f585ed90..b1653f2f1ae 100644
--- a/models/repo/pull_request_default_test.go
+++ b/models/repo/pull_request_default_test.go
@@ -26,7 +26,7 @@ func TestDefaultTargetBranchSelection(t *testing.T) {
 	prConfig := prUnit.PullRequestsConfig()
 	prConfig.DefaultTargetBranch = "branch2"
 	prUnit.Config = prConfig
-	assert.NoError(t, UpdateRepoUnit(ctx, prUnit))
+	assert.NoError(t, UpdateRepoUnitConfig(ctx, prUnit))
 	repo.Units = nil
 	assert.Equal(t, "branch2", repo.GetPullRequestTargetBranch(ctx))
 }
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 811f83c9997..e927174a55f 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -778,3 +778,11 @@ func GetUserRepositories(ctx context.Context, opts SearchRepoOptions) (Repositor
 	repos := make(RepositoryList, 0, opts.PageSize)
 	return repos, count, db.SetSessionPagination(sess, &opts).Find(&repos)
 }
+
+func GetOwnerRepositoriesByIDs(ctx context.Context, ownerID int64, repoIDs []int64) (RepositoryList, error) {
+	if len(repoIDs) == 0 {
+		return RepositoryList{}, nil
+	}
+	repos := make(RepositoryList, 0, len(repoIDs))
+	return repos, db.GetEngine(ctx).Where(builder.Eq{"owner_id": ownerID}).In("id", repoIDs).Find(&repos)
+}
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 491e96770c4..797b34de696 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -5,8 +5,6 @@ package repo
 
 import (
 	"context"
-	"slices"
-	"strings"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
@@ -175,57 +173,6 @@ func DefaultPullRequestsUnit(repoID int64) RepoUnit {
 	return RepoUnit{RepoID: repoID, Type: unit.TypePullRequests, Config: DefaultPullRequestsConfig()}
 }
 
-type ActionsConfig struct {
-	DisabledWorkflows []string
-	// CollaborativeOwnerIDs is a list of owner IDs used to share actions from private repos.
-	// Only workflows from the private repos whose owners are in CollaborativeOwnerIDs can access the current repo's actions.
-	CollaborativeOwnerIDs []int64
-}
-
-func (cfg *ActionsConfig) EnableWorkflow(file string) {
-	cfg.DisabledWorkflows = util.SliceRemoveAll(cfg.DisabledWorkflows, file)
-}
-
-func (cfg *ActionsConfig) ToString() string {
-	return strings.Join(cfg.DisabledWorkflows, ",")
-}
-
-func (cfg *ActionsConfig) IsWorkflowDisabled(file string) bool {
-	return slices.Contains(cfg.DisabledWorkflows, file)
-}
-
-func (cfg *ActionsConfig) DisableWorkflow(file string) {
-	if slices.Contains(cfg.DisabledWorkflows, file) {
-		return
-	}
-
-	cfg.DisabledWorkflows = append(cfg.DisabledWorkflows, file)
-}
-
-func (cfg *ActionsConfig) AddCollaborativeOwner(ownerID int64) {
-	if !slices.Contains(cfg.CollaborativeOwnerIDs, ownerID) {
-		cfg.CollaborativeOwnerIDs = append(cfg.CollaborativeOwnerIDs, ownerID)
-	}
-}
-
-func (cfg *ActionsConfig) RemoveCollaborativeOwner(ownerID int64) {
-	cfg.CollaborativeOwnerIDs = util.SliceRemoveAll(cfg.CollaborativeOwnerIDs, ownerID)
-}
-
-func (cfg *ActionsConfig) IsCollaborativeOwner(ownerID int64) bool {
-	return slices.Contains(cfg.CollaborativeOwnerIDs, ownerID)
-}
-
-// FromDB fills up a ActionsConfig from serialized format.
-func (cfg *ActionsConfig) FromDB(bs []byte) error {
-	return json.UnmarshalHandleDoubleEncode(bs, &cfg)
-}
-
-// ToDB exports a ActionsConfig to a serialized format.
-func (cfg *ActionsConfig) ToDB() ([]byte, error) {
-	return json.Marshal(cfg)
-}
-
 // ProjectsMode represents the projects enabled for a repository
 type ProjectsMode string
 
@@ -279,7 +226,8 @@ func (cfg *ProjectsConfig) IsProjectsAllowed(m ProjectsMode) bool {
 func (r *RepoUnit) BeforeSet(colName string, val xorm.Cell) {
 	switch colName {
 	case "type":
-		switch unit.Type(db.Cell2Int64(val)) {
+		r.Type = unit.Type(db.Cell2Int64(val))
+		switch r.Type {
 		case unit.TypeExternalWiki:
 			r.Config = new(ExternalWikiConfig)
 		case unit.TypeExternalTracker:
@@ -297,6 +245,11 @@ func (r *RepoUnit) BeforeSet(colName string, val xorm.Cell) {
 		default:
 			r.Config = new(UnitConfig)
 		}
+	case "config":
+		if *val == nil {
+			// XROM doesn't call FromDB if the value is nil, but we need to set default values for the config fields
+			_ = r.Config.FromDB(nil)
+		}
 	}
 }
 
@@ -360,9 +313,9 @@ func getUnitsByRepoID(ctx context.Context, repoID int64) (units []*RepoUnit, err
 	return units, nil
 }
 
-// UpdateRepoUnit updates the provided repo unit
-func UpdateRepoUnit(ctx context.Context, unit *RepoUnit) error {
-	_, err := db.GetEngine(ctx).ID(unit.ID).Update(unit)
+// UpdateRepoUnitConfig updates the config of the provided repo unit
+func UpdateRepoUnitConfig(ctx context.Context, unit *RepoUnit) error {
+	_, err := db.GetEngine(ctx).ID(unit.ID).Cols("config").Update(unit)
 	return err
 }
 
diff --git a/models/repo/repo_unit_actions.go b/models/repo/repo_unit_actions.go
new file mode 100644
index 00000000000..50e2925792a
--- /dev/null
+++ b/models/repo/repo_unit_actions.go
@@ -0,0 +1,153 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"slices"
+
+	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/util"
+)
+
+// ActionsTokenPermissionMode defines the default permission mode for Actions tokens
+type ActionsTokenPermissionMode string
+
+const (
+	// ActionsTokenPermissionModePermissive - write access by default (current behavior, backwards compatible)
+	ActionsTokenPermissionModePermissive ActionsTokenPermissionMode = "permissive"
+	// ActionsTokenPermissionModeRestricted - read access by default
+	ActionsTokenPermissionModeRestricted ActionsTokenPermissionMode = "restricted"
+)
+
+func (ActionsTokenPermissionMode) EnumValues() []ActionsTokenPermissionMode {
+	return []ActionsTokenPermissionMode{ActionsTokenPermissionModePermissive /* default */, ActionsTokenPermissionModeRestricted}
+}
+
+// ActionsTokenPermissions defines the permissions for different repository units
+type ActionsTokenPermissions struct {
+	UnitAccessModes map[unit.Type]perm.AccessMode `json:"unit_access_modes,omitempty"`
+}
+
+var ActionsTokenUnitTypes = []unit.Type{
+	unit.TypeCode,
+	unit.TypeIssues,
+	unit.TypePullRequests,
+	unit.TypePackages,
+	unit.TypeActions,
+	unit.TypeWiki,
+	unit.TypeReleases,
+	unit.TypeProjects,
+}
+
+func MakeActionsTokenPermissions(unitAccessMode perm.AccessMode) (ret ActionsTokenPermissions) {
+	ret.UnitAccessModes = make(map[unit.Type]perm.AccessMode)
+	for _, u := range ActionsTokenUnitTypes {
+		ret.UnitAccessModes[u] = unitAccessMode
+	}
+	return ret
+}
+
+// ClampActionsTokenPermissions ensures that the given permissions don't exceed the maximum
+func ClampActionsTokenPermissions(p1, p2 ActionsTokenPermissions) (ret ActionsTokenPermissions) {
+	ret.UnitAccessModes = make(map[unit.Type]perm.AccessMode)
+	for _, ut := range ActionsTokenUnitTypes {
+		ret.UnitAccessModes[ut] = min(p1.UnitAccessModes[ut], p2.UnitAccessModes[ut])
+	}
+	return ret
+}
+
+// MakeRestrictedPermissions returns the restricted permissions
+func MakeRestrictedPermissions() ActionsTokenPermissions {
+	ret := MakeActionsTokenPermissions(perm.AccessModeNone)
+	ret.UnitAccessModes[unit.TypeCode] = perm.AccessModeRead
+	ret.UnitAccessModes[unit.TypePackages] = perm.AccessModeRead
+	ret.UnitAccessModes[unit.TypeReleases] = perm.AccessModeRead
+	return ret
+}
+
+type ActionsConfig struct {
+	DisabledWorkflows []string
+	// CollaborativeOwnerIDs is a list of owner IDs used to share actions from private repos.
+	// Only workflows from the private repos whose owners are in CollaborativeOwnerIDs can access the current repo's actions.
+	CollaborativeOwnerIDs []int64
+	// TokenPermissionMode defines the default permission mode (permissive, restricted, or custom)
+	TokenPermissionMode ActionsTokenPermissionMode `json:"token_permission_mode,omitempty"`
+	// MaxTokenPermissions defines the absolute maximum permissions any token can have in this context.
+	// Workflow YAML "permissions" keywords can reduce permissions but never exceed this ceiling.
+	MaxTokenPermissions *ActionsTokenPermissions `json:"max_token_permissions,omitempty"`
+	// OverrideOwnerConfig indicates if this repository should override the owner-level configuration (User or Org)
+	OverrideOwnerConfig bool `json:"override_owner_config,omitempty"`
+}
+
+func (cfg *ActionsConfig) EnableWorkflow(file string) {
+	cfg.DisabledWorkflows = util.SliceRemoveAll(cfg.DisabledWorkflows, file)
+}
+
+func (cfg *ActionsConfig) IsWorkflowDisabled(file string) bool {
+	return slices.Contains(cfg.DisabledWorkflows, file)
+}
+
+func (cfg *ActionsConfig) DisableWorkflow(file string) {
+	if slices.Contains(cfg.DisabledWorkflows, file) {
+		return
+	}
+
+	cfg.DisabledWorkflows = append(cfg.DisabledWorkflows, file)
+}
+
+func (cfg *ActionsConfig) AddCollaborativeOwner(ownerID int64) {
+	if !slices.Contains(cfg.CollaborativeOwnerIDs, ownerID) {
+		cfg.CollaborativeOwnerIDs = append(cfg.CollaborativeOwnerIDs, ownerID)
+	}
+}
+
+func (cfg *ActionsConfig) RemoveCollaborativeOwner(ownerID int64) {
+	cfg.CollaborativeOwnerIDs = util.SliceRemoveAll(cfg.CollaborativeOwnerIDs, ownerID)
+}
+
+func (cfg *ActionsConfig) IsCollaborativeOwner(ownerID int64) bool {
+	return slices.Contains(cfg.CollaborativeOwnerIDs, ownerID)
+}
+
+// GetDefaultTokenPermissions returns the default token permissions by its TokenPermissionMode.
+// It does not apply MaxTokenPermissions; callers must clamp if needed.
+func (cfg *ActionsConfig) GetDefaultTokenPermissions() ActionsTokenPermissions {
+	switch cfg.TokenPermissionMode {
+	case ActionsTokenPermissionModeRestricted:
+		return MakeRestrictedPermissions()
+	case ActionsTokenPermissionModePermissive:
+		return MakeActionsTokenPermissions(perm.AccessModeWrite)
+	default:
+		return ActionsTokenPermissions{}
+	}
+}
+
+// GetMaxTokenPermissions returns the maximum allowed permissions
+func (cfg *ActionsConfig) GetMaxTokenPermissions() ActionsTokenPermissions {
+	if cfg.MaxTokenPermissions != nil {
+		return *cfg.MaxTokenPermissions
+	}
+	// Default max is write for everything
+	return MakeActionsTokenPermissions(perm.AccessModeWrite)
+}
+
+// ClampPermissions ensures that the given permissions don't exceed the maximum
+func (cfg *ActionsConfig) ClampPermissions(perms ActionsTokenPermissions) ActionsTokenPermissions {
+	maxPerms := cfg.GetMaxTokenPermissions()
+	return ClampActionsTokenPermissions(perms, maxPerms)
+}
+
+// FromDB fills up a ActionsConfig from serialized format.
+func (cfg *ActionsConfig) FromDB(bs []byte) error {
+	_ = json.UnmarshalHandleDoubleEncode(bs, &cfg)
+	cfg.TokenPermissionMode, _ = util.EnumValue(cfg.TokenPermissionMode)
+	return nil
+}
+
+// ToDB exports a ActionsConfig to a serialized format.
+func (cfg *ActionsConfig) ToDB() ([]byte, error) {
+	return json.Marshal(cfg)
+}
diff --git a/models/repo/repo_unit_test.go b/models/repo/repo_unit_test.go
index 56dda5672d4..08f9ac2cd4e 100644
--- a/models/repo/repo_unit_test.go
+++ b/models/repo/repo_unit_test.go
@@ -4,8 +4,12 @@
 package repo
 
 import (
+	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/unit"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -26,5 +30,75 @@ func TestActionsConfig(t *testing.T) {
 	cfg.DisableWorkflow("test1.yaml")
 	cfg.DisableWorkflow("test2.yaml")
 	cfg.DisableWorkflow("test3.yaml")
-	assert.Equal(t, "test1.yaml,test2.yaml,test3.yaml", cfg.ToString())
+	assert.Equal(t, "test1.yaml,test2.yaml,test3.yaml", strings.Join(cfg.DisabledWorkflows, ","))
+}
+
+func TestActionsConfigTokenPermissions(t *testing.T) {
+	t.Run("Default Permission Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{TokenPermissionMode: "invalid-value"}
+		_ = cfg.FromDB(nil)
+		assert.Equal(t, ActionsTokenPermissionModePermissive, cfg.TokenPermissionMode)
+		assert.Equal(t, perm.AccessModeWrite, cfg.GetDefaultTokenPermissions().UnitAccessModes[unit.TypeCode])
+	})
+
+	t.Run("Explicit Permission Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModeRestricted,
+		}
+		assert.Equal(t, ActionsTokenPermissionModeRestricted, cfg.TokenPermissionMode)
+	})
+
+	t.Run("Effective Permissions - Permissive Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModePermissive,
+		}
+		defaultPerms := cfg.GetDefaultTokenPermissions()
+		perms := cfg.ClampPermissions(defaultPerms)
+		assert.Equal(t, perm.AccessModeWrite, perms.UnitAccessModes[unit.TypeCode])
+		assert.Equal(t, perm.AccessModeWrite, perms.UnitAccessModes[unit.TypeIssues])
+		assert.Equal(t, perm.AccessModeWrite, perms.UnitAccessModes[unit.TypePackages])
+	})
+
+	t.Run("Effective Permissions - Restricted Mode", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			TokenPermissionMode: ActionsTokenPermissionModeRestricted,
+		}
+		defaultPerms := cfg.GetDefaultTokenPermissions()
+		perms := cfg.ClampPermissions(defaultPerms)
+		assert.Equal(t, perm.AccessModeRead, perms.UnitAccessModes[unit.TypeCode])
+		assert.Equal(t, perm.AccessModeNone, perms.UnitAccessModes[unit.TypeIssues])
+		assert.Equal(t, perm.AccessModeRead, perms.UnitAccessModes[unit.TypePackages])
+	})
+
+	t.Run("Clamp Permissions", func(t *testing.T) {
+		cfg := &ActionsConfig{
+			MaxTokenPermissions: &ActionsTokenPermissions{
+				UnitAccessModes: map[unit.Type]perm.AccessMode{
+					unit.TypeCode:         perm.AccessModeRead,
+					unit.TypeIssues:       perm.AccessModeWrite,
+					unit.TypePullRequests: perm.AccessModeRead,
+					unit.TypePackages:     perm.AccessModeRead,
+					unit.TypeActions:      perm.AccessModeNone,
+					unit.TypeWiki:         perm.AccessModeWrite,
+				},
+			},
+		}
+		input := ActionsTokenPermissions{
+			UnitAccessModes: map[unit.Type]perm.AccessMode{
+				unit.TypeCode:         perm.AccessModeWrite, // Should be clamped to Read
+				unit.TypeIssues:       perm.AccessModeWrite, // Should stay Write
+				unit.TypePullRequests: perm.AccessModeWrite, // Should be clamped to Read
+				unit.TypePackages:     perm.AccessModeWrite, // Should be clamped to Read
+				unit.TypeActions:      perm.AccessModeRead,  // Should be clamped to None
+				unit.TypeWiki:         perm.AccessModeRead,  // Should stay Read
+			},
+		}
+		clamped := cfg.ClampPermissions(input)
+		assert.Equal(t, perm.AccessModeRead, clamped.UnitAccessModes[unit.TypeCode])
+		assert.Equal(t, perm.AccessModeWrite, clamped.UnitAccessModes[unit.TypeIssues])
+		assert.Equal(t, perm.AccessModeRead, clamped.UnitAccessModes[unit.TypePullRequests])
+		assert.Equal(t, perm.AccessModeRead, clamped.UnitAccessModes[unit.TypePackages])
+		assert.Equal(t, perm.AccessModeNone, clamped.UnitAccessModes[unit.TypeActions])
+		assert.Equal(t, perm.AccessModeRead, clamped.UnitAccessModes[unit.TypeWiki])
+	})
 }
diff --git a/models/user/setting.go b/models/user/setting.go
index c65afae76c8..a16fc86e55e 100644
--- a/models/user/setting.go
+++ b/models/user/setting.go
@@ -11,10 +11,12 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/json"
 	setting_module "code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 
 	"xorm.io/builder"
+	"xorm.io/xorm/convert"
 )
 
 // Setting is a key value store of user settings
@@ -211,3 +213,44 @@ func upsertUserSettingValue(ctx context.Context, userID int64, key, value string
 		return err
 	})
 }
+
+func GetUserSettingJSON[T any](ctx context.Context, userID int64, key string, def T) (ret T, _ error) {
+	ret = def
+	str, err := GetUserSetting(ctx, userID, key)
+	if err != nil {
+		return ret, err
+	}
+
+	conv, ok := any(&ret).(convert.ConversionFrom)
+	if !ok {
+		conv, ok = any(ret).(convert.ConversionFrom)
+	}
+	if ok {
+		if err := conv.FromDB(util.UnsafeStringToBytes(str)); err != nil {
+			return ret, err
+		}
+	} else {
+		if str == "" {
+			return ret, nil
+		}
+		err = json.Unmarshal(util.UnsafeStringToBytes(str), &ret)
+	}
+	return ret, err
+}
+
+func SetUserSettingJSON[T any](ctx context.Context, userID int64, key string, val T) (err error) {
+	conv, ok := any(&val).(convert.ConversionTo)
+	if !ok {
+		conv, ok = any(val).(convert.ConversionTo)
+	}
+	var bs []byte
+	if ok {
+		bs, err = conv.ToDB()
+	} else {
+		bs, err = json.Marshal(val)
+	}
+	if err != nil {
+		return err
+	}
+	return SetUserSetting(ctx, userID, key, util.UnsafeBytesToString(bs))
+}
diff --git a/models/user/setting_options.go b/models/user/setting_options.go
index 587a46e8dec..5867b908d1b 100644
--- a/models/user/setting_options.go
+++ b/models/user/setting_options.go
@@ -22,4 +22,6 @@ const (
 	SettingEmailNotificationGiteaActionsAll         = "all"
 	SettingEmailNotificationGiteaActionsFailureOnly = "failure-only" // Default for actions email preference
 	SettingEmailNotificationGiteaActionsDisabled    = "disabled"
+
+	SettingsKeyActionsConfig = "actions.config"
 )
diff --git a/modules/private/hook.go b/modules/private/hook.go
index 215996b9b99..ce87ccd8019 100644
--- a/modules/private/hook.go
+++ b/modules/private/hook.go
@@ -37,7 +37,7 @@ type HookOptions struct {
 	PushTrigger                     repository.PushTrigger
 	DeployKeyID                     int64 // if the pusher is a DeployKey, then UserID is the repo's org user.
 	IsWiki                          bool
-	ActionPerm                      int
+	ActionsTaskID                   int64 // if the pusher is an Actions user, the task ID
 }
 
 // SSHLogOption ssh log options
diff --git a/modules/repository/env.go b/modules/repository/env.go
index 55a81f006e2..ed2c6fef81a 100644
--- a/modules/repository/env.go
+++ b/modules/repository/env.go
@@ -11,25 +11,26 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // env keys for git hooks need
 const (
-	EnvRepoName     = "GITEA_REPO_NAME"
-	EnvRepoUsername = "GITEA_REPO_USER_NAME"
-	EnvRepoID       = "GITEA_REPO_ID"
-	EnvRepoIsWiki   = "GITEA_REPO_IS_WIKI"
-	EnvPusherName   = "GITEA_PUSHER_NAME"
-	EnvPusherEmail  = "GITEA_PUSHER_EMAIL"
-	EnvPusherID     = "GITEA_PUSHER_ID"
-	EnvKeyID        = "GITEA_KEY_ID" // public key ID
-	EnvDeployKeyID  = "GITEA_DEPLOY_KEY_ID"
-	EnvPRID         = "GITEA_PR_ID"
-	EnvPRIndex      = "GITEA_PR_INDEX" // not used by Gitea at the moment, it is for custom git hooks
-	EnvPushTrigger  = "GITEA_PUSH_TRIGGER"
-	EnvIsInternal   = "GITEA_INTERNAL_PUSH"
-	EnvAppURL       = "GITEA_ROOT_URL"
-	EnvActionPerm   = "GITEA_ACTION_PERM"
+	EnvRepoName      = "GITEA_REPO_NAME"
+	EnvRepoUsername  = "GITEA_REPO_USER_NAME"
+	EnvRepoID        = "GITEA_REPO_ID"
+	EnvRepoIsWiki    = "GITEA_REPO_IS_WIKI"
+	EnvPusherName    = "GITEA_PUSHER_NAME"
+	EnvPusherEmail   = "GITEA_PUSHER_EMAIL"
+	EnvPusherID      = "GITEA_PUSHER_ID"
+	EnvKeyID         = "GITEA_KEY_ID" // public key ID
+	EnvDeployKeyID   = "GITEA_DEPLOY_KEY_ID"
+	EnvPRID          = "GITEA_PR_ID"
+	EnvPRIndex       = "GITEA_PR_INDEX" // not used by Gitea at the moment, it is for custom git hooks
+	EnvPushTrigger   = "GITEA_PUSH_TRIGGER"
+	EnvIsInternal    = "GITEA_INTERNAL_PUSH"
+	EnvAppURL        = "GITEA_ROOT_URL"
+	EnvActionsTaskID = "GITEA_ACTIONS_TASK_ID"
 )
 
 type PushTrigger string
@@ -54,36 +55,39 @@ func PushingEnvironment(doer *user_model.User, repo *repo_model.Repository) []st
 	return FullPushingEnvironment(doer, doer, repo, repo.Name, 0, 0)
 }
 
+func DoerPushingEnvironment(doer *user_model.User, repo *repo_model.Repository, isWiki bool) []string {
+	env := []string{
+		EnvAppURL + "=" + setting.AppURL,
+		EnvRepoName + "=" + repo.Name + util.Iif(isWiki, ".wiki", ""),
+		EnvRepoUsername + "=" + repo.OwnerName,
+		EnvRepoID + "=" + strconv.FormatInt(repo.ID, 10),
+		EnvRepoIsWiki + "=" + strconv.FormatBool(isWiki),
+		EnvPusherName + "=" + doer.Name,
+		EnvPusherID + "=" + strconv.FormatInt(doer.ID, 10),
+	}
+	if !doer.KeepEmailPrivate {
+		env = append(env, EnvPusherEmail+"="+doer.Email)
+	}
+	if taskID, isActionsUser := user_model.GetActionsUserTaskID(doer); isActionsUser {
+		env = append(env, EnvActionsTaskID+"="+strconv.FormatInt(taskID, 10))
+	}
+	return env
+}
+
 // FullPushingEnvironment returns an os environment to allow hooks to work on push
 func FullPushingEnvironment(author, committer *user_model.User, repo *repo_model.Repository, repoName string, prID, prIndex int64) []string {
-	isWiki := "false"
-	if strings.HasSuffix(repoName, ".wiki") {
-		isWiki = "true"
-	}
-
+	isWiki := strings.HasSuffix(repoName, ".wiki")
 	authorSig := author.NewGitSig()
 	committerSig := committer.NewGitSig()
-
 	environ := append(os.Environ(),
 		"GIT_AUTHOR_NAME="+authorSig.Name,
 		"GIT_AUTHOR_EMAIL="+authorSig.Email,
 		"GIT_COMMITTER_NAME="+committerSig.Name,
 		"GIT_COMMITTER_EMAIL="+committerSig.Email,
-		EnvRepoName+"="+repoName,
-		EnvRepoUsername+"="+repo.OwnerName,
-		EnvRepoIsWiki+"="+isWiki,
-		EnvPusherName+"="+committer.Name,
-		EnvPusherID+"="+strconv.FormatInt(committer.ID, 10),
-		EnvRepoID+"="+strconv.FormatInt(repo.ID, 10),
 		EnvPRID+"="+strconv.FormatInt(prID, 10),
 		EnvPRIndex+"="+strconv.FormatInt(prIndex, 10),
-		EnvAppURL+"="+setting.AppURL,
 		"SSH_ORIGINAL_COMMAND=gitea-internal",
 	)
-
-	if !committer.KeepEmailPrivate {
-		environ = append(environ, EnvPusherEmail+"="+committer.Email)
-	}
-
+	environ = append(environ, DoerPushingEnvironment(committer, repo, isWiki)...)
 	return environ
 }
diff --git a/modules/util/util.go b/modules/util/util.go
index d7702439d64..7d1343f20d6 100644
--- a/modules/util/util.go
+++ b/modules/util/util.go
@@ -8,6 +8,7 @@ import (
 	"crypto/rand"
 	"fmt"
 	"math/big"
+	"slices"
 	"strconv"
 	"strings"
 
@@ -240,6 +241,20 @@ func OptionalArg[T any](optArg []T, defaultValue ...T) (ret T) {
 	return ret
 }
 
+type EnumConst[T comparable] interface {
+	EnumValues() []T
+}
+
+// EnumValue returns the value if it's in the enum const's values,
+// otherwise returns the first item of enums as default value.
+func EnumValue[T comparable](val EnumConst[T]) (ret T, valid bool) {
+	enums := val.EnumValues()
+	if slices.Contains(enums, val.(T)) {
+		return val.(T), true
+	}
+	return enums[0], false
+}
+
 func ReserveLineBreakForTextarea(input string) string {
 	// Since the content is from a form which is a textarea, the line endings are \r\n.
 	// It's a standard behavior of HTML.
diff --git a/options/locale/locale_en-US.json b/options/locale/locale_en-US.json
index 1eafb3c9d17..c9a13f8e210 100644
--- a/options/locale/locale_en-US.json
+++ b/options/locale/locale_en-US.json
@@ -646,6 +646,7 @@
   "user.block.note.edit": "Edit note",
   "user.block.list": "Blocked users",
   "user.block.list.none": "You have not blocked any users.",
+  "settings.general": "General",
   "settings.profile": "Profile",
   "settings.account": "Account",
   "settings.appearance": "Appearance",
@@ -3757,5 +3758,24 @@
   "git.filemode.normal_file": "Regular",
   "git.filemode.executable_file": "Executable",
   "git.filemode.symbolic_link": "Symlink",
-  "git.filemode.submodule": "Submodule"
+  "git.filemode.submodule": "Submodule",
+  "org.repos.none": "No repositories.",
+  "actions.general.permissions": "Actions Token Permissions",
+  "actions.general.token_permissions.mode": "Default Token Permissions",
+  "actions.general.token_permissions.mode.desc": "An Actions job will use the default permissions if it doesn't declare its permissions in the workflow file.",
+  "actions.general.token_permissions.mode.permissive": "Permissive",
+  "actions.general.token_permissions.mode.permissive.desc": "Read and write permissions for the job's repository.",
+  "actions.general.token_permissions.mode.restricted": "Restricted",
+  "actions.general.token_permissions.mode.restricted.desc": "Read-only permissions for contents units (code, releases) of the job's repository.",
+  "actions.general.token_permissions.override_owner": "Override owner-level configuration",
+  "actions.general.token_permissions.override_owner_desc": "If enabled, this repository will use its own Actions configuration instead of following the owner-level (user or organization) configuration.",
+  "actions.general.token_permissions.maximum": "Maximum Token Permissions",
+  "actions.general.token_permissions.maximum.description": "Actions job's effective permissions will be limited by the maximum permissions.",
+  "actions.general.token_permissions.fork_pr_note": "If a job is started by a pull request from a fork, its effective permissions won't exceed the read-only permissions.",
+  "actions.general.token_permissions.customize_max_permissions": "Customize maximum permissions",
+  "actions.general.cross_repo": "Cross-Repository Access",
+  "actions.general.cross_repo_desc": "Allow the selected repositories to be accessed (read-only) by all the repositories in this owner with GITEA_TOKEN when running Actions jobs.",
+  "actions.general.cross_repo_selected": "Selected repositories",
+  "actions.general.cross_repo_target_repos": "Target Repositories",
+  "actions.general.cross_repo_add": "Add Target Repository"
 }
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index 704b777dbf7..2dbf072f3a8 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -496,16 +496,25 @@ func (ctx *preReceiveContext) loadPusherAndPermission() bool {
 	}
 
 	if ctx.opts.UserID == user_model.ActionsUserID {
-		ctx.user = user_model.NewActionsUser()
-		ctx.userPerm.AccessMode = perm_model.AccessMode(ctx.opts.ActionPerm)
-		if err := ctx.Repo.Repository.LoadUnits(ctx); err != nil {
-			log.Error("Unable to get User id %d Error: %v", ctx.opts.UserID, err)
+		taskID := ctx.opts.ActionsTaskID
+		ctx.user = user_model.NewActionsUserWithTaskID(taskID)
+		if taskID == 0 {
+			log.Error("HookPreReceive: ActionsUser with task ID 0")
 			ctx.JSON(http.StatusInternalServerError, private.Response{
-				Err: fmt.Sprintf("Unable to get User id %d Error: %v", ctx.opts.UserID, err),
+				Err: "ActionsUser with task ID 0",
 			})
 			return false
 		}
-		ctx.userPerm.SetUnitsWithDefaultAccessMode(ctx.Repo.Repository.Units, ctx.userPerm.AccessMode)
+
+		userPerm, err := access_model.GetActionsUserRepoPermission(ctx, ctx.Repo.Repository, ctx.user, taskID)
+		if err != nil {
+			log.Error("Unable to get Actions user repo permission for task %d Error: %v", taskID, err)
+			ctx.JSON(http.StatusInternalServerError, private.Response{
+				Err: fmt.Sprintf("Unable to get Actions user repo permission for task %d Error: %v", taskID, err),
+			})
+			return false
+		}
+		ctx.userPerm = userPerm
 	} else {
 		user, err := user_model.GetUserByID(ctx, ctx.opts.UserID)
 		if err != nil {
diff --git a/routers/web/admin/runners.go b/routers/web/admin/runners.go
deleted file mode 100644
index 4b89237364e..00000000000
--- a/routers/web/admin/runners.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package admin
-
-import (
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/context"
-)
-
-func RedirectToDefaultSetting(ctx *context.Context) {
-	ctx.Redirect(setting.AppSubURL + "/-/admin/actions/runners")
-}
diff --git a/routers/web/misc/misc.go b/routers/web/misc/misc.go
index 3d2f624263b..a50d9130ac2 100644
--- a/routers/web/misc/misc.go
+++ b/routers/web/misc/misc.go
@@ -51,6 +51,12 @@ func StaticRedirect(target string) func(w http.ResponseWriter, req *http.Request
 	}
 }
 
+func LocationRedirect(target string) func(w http.ResponseWriter, req *http.Request) {
+	return func(w http.ResponseWriter, req *http.Request) {
+		http.Redirect(w, req, target, http.StatusSeeOther)
+	}
+}
+
 func WebBannerDismiss(ctx *context.Context) {
 	_, rev, _ := setting.Config().Instance.WebBanner.ValueRevision(ctx)
 	middleware.SetSiteCookie(ctx.Resp, middleware.CookieWebBannerDismissed, strconv.Itoa(rev), 48*3600)
diff --git a/routers/web/org/setting/runners.go b/routers/web/org/setting/runners.go
deleted file mode 100644
index fe05709237d..00000000000
--- a/routers/web/org/setting/runners.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package setting
-
-import (
-	"code.gitea.io/gitea/services/context"
-)
-
-func RedirectToDefaultSetting(ctx *context.Context) {
-	ctx.Redirect(ctx.Org.OrgLink + "/settings/actions/runners")
-}
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 6a48a2daa38..5c010dfbedf 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -832,7 +832,7 @@ func disableOrEnableWorkflowFile(ctx *context_module.Context, isEnable bool) {
 		cfg.DisableWorkflow(workflow)
 	}
 
-	if err := repo_model.UpdateRepoUnit(ctx, cfgUnit); err != nil {
+	if err := repo_model.UpdateRepoUnitConfig(ctx, cfgUnit); err != nil {
 		ctx.ServerError("UpdateRepoUnit", err)
 		return
 	}
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
index e922ed99fc8..fb9445aed03 100644
--- a/routers/web/repo/githttp.go
+++ b/routers/web/repo/githttp.go
@@ -59,7 +59,6 @@ func CorsHandler() func(next http.Handler) http.Handler {
 // httpBase does the common work for git http services,
 // including early response, authentication, repository lookup and permission check.
 func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
-	username := ctx.PathParam("username")
 	reponame := strings.TrimSuffix(ctx.PathParam("reponame"), ".git")
 
 	if ctx.FormString("go-get") == "1" {
@@ -131,10 +130,7 @@ func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
 
 	// Only public pull don't need auth.
 	isPublicPull := repoExist && !repo.IsPrivate && isPull
-	var (
-		askAuth = !isPublicPull || setting.Service.RequireSignInViewStrict
-		environ []string
-	)
+	askAuth := !isPublicPull || setting.Service.RequireSignInViewStrict
 
 	// don't allow anonymous pulls if organization is not public
 	if isPublicPull {
@@ -184,21 +180,14 @@ func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
 			return nil
 		}
 
-		environ = []string{
-			repo_module.EnvRepoUsername + "=" + username,
-			repo_module.EnvRepoName + "=" + reponame,
-			repo_module.EnvPusherName + "=" + ctx.Doer.Name,
-			repo_module.EnvPusherID + fmt.Sprintf("=%d", ctx.Doer.ID),
-			repo_module.EnvAppURL + "=" + setting.AppURL,
-		}
-
 		if repoExist {
 			// Because of special ref "refs/for" (agit) , need delay write permission check
 			if git.DefaultFeatures().SupportProcReceive {
 				accessMode = perm.AccessModeRead
 			}
 
-			if taskID, ok := user_model.GetActionsUserTaskID(ctx.Doer); ok {
+			taskID, isActionsUser := user_model.GetActionsUserTaskID(ctx.Doer)
+			if isActionsUser {
 				p, err := access_model.GetActionsUserRepoPermission(ctx, repo, ctx.Doer, taskID)
 				if err != nil {
 					ctx.ServerError("GetActionsUserRepoPermission", err)
@@ -209,7 +198,6 @@ func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
 					ctx.PlainText(http.StatusNotFound, "Repository not found")
 					return nil
 				}
-				environ = append(environ, fmt.Sprintf("%s=%d", repo_module.EnvActionPerm, p.UnitAccessMode(unitType)))
 			} else {
 				p, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
 				if err != nil {
@@ -228,16 +216,6 @@ func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
 				return nil
 			}
 		}
-
-		if !ctx.Doer.KeepEmailPrivate {
-			environ = append(environ, repo_module.EnvPusherEmail+"="+ctx.Doer.Email)
-		}
-
-		if isWiki {
-			environ = append(environ, repo_module.EnvRepoIsWiki+"=true")
-		} else {
-			environ = append(environ, repo_module.EnvRepoIsWiki+"=false")
-		}
 	}
 
 	if !repoExist {
@@ -286,7 +264,11 @@ func httpBase(ctx *context.Context, optGitService ...string) *serviceHandler {
 		}
 	}
 
-	environ = append(environ, repo_module.EnvRepoID+fmt.Sprintf("=%d", repo.ID))
+	var environ []string
+	if !isPull {
+		// if not "pull", then must be "push", and doer must exist
+		environ = repo_module.DoerPushingEnvironment(ctx.Doer, repo, isWiki)
+	}
 
 	return &serviceHandler{serviceType, repo, isWiki, environ}
 }
diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index 9c2c9242d34..2237828d611 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -8,11 +8,13 @@ import (
 	"net/http"
 	"strings"
 
+	"code.gitea.io/gitea/models/actions"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
+	shared_actions "code.gitea.io/gitea/routers/web/shared/actions"
 	"code.gitea.io/gitea/services/context"
 	repo_service "code.gitea.io/gitea/services/repository"
 )
@@ -34,8 +36,31 @@ func ActionsGeneralSettings(ctx *context.Context) {
 		return
 	}
 
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Token permission settings
+	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
+	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+
+	// Follow owner config (only for repos in orgs)
+	ctx.Data["OverrideOwnerConfig"] = actionsCfg.OverrideOwnerConfig
+	if actionsCfg.OverrideOwnerConfig {
+		ctx.Data["MaxTokenPermissions"] = actionsCfg.GetMaxTokenPermissions()
+		ctx.Data["TokenPermissionMode"] = actionsCfg.TokenPermissionMode
+		ctx.Data["EnableMaxTokenPermissions"] = actionsCfg.MaxTokenPermissions != nil
+	} else {
+		ownerActionsConfig, err := actions.GetOwnerActionsConfig(ctx, ctx.Repo.Repository.OwnerID)
+		if err != nil {
+			ctx.ServerError("GetOwnerActionsConfig", err)
+			return
+		}
+		ctx.Data["MaxTokenPermissions"] = ownerActionsConfig.GetMaxTokenPermissions()
+		ctx.Data["TokenPermissionMode"] = ownerActionsConfig.TokenPermissionMode
+		ctx.Data["EnableMaxTokenPermissions"] = ownerActionsConfig.MaxTokenPermissions != nil
+	}
+
 	if ctx.Repo.Repository.IsPrivate {
-		collaborativeOwnerIDs := actionsUnit.ActionsConfig().CollaborativeOwnerIDs
+		collaborativeOwnerIDs := actionsCfg.CollaborativeOwnerIDs
 		collaborativeOwners, err := user_model.GetUsersByIDs(ctx, collaborativeOwnerIDs)
 		if err != nil {
 			ctx.ServerError("GetUsersByIDs", err)
@@ -89,8 +114,8 @@ func AddCollaborativeOwner(ctx *context.Context) {
 	}
 	actionsCfg := actionsUnit.ActionsConfig()
 	actionsCfg.AddCollaborativeOwner(ownerID)
-	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
-		ctx.ServerError("UpdateRepoUnit", err)
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
 		return
 	}
 
@@ -112,10 +137,59 @@ func DeleteCollaborativeOwner(ctx *context.Context) {
 		return
 	}
 	actionsCfg.RemoveCollaborativeOwner(ownerID)
-	if err := repo_model.UpdateRepoUnit(ctx, actionsUnit); err != nil {
-		ctx.ServerError("UpdateRepoUnit", err)
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
 		return
 	}
 
 	ctx.JSONOK()
 }
+
+// UpdateTokenPermissions updates the token permission settings for the repository
+func UpdateTokenPermissions(ctx *context.Context) {
+	redirectURL := ctx.Repo.RepoLink + "/settings/actions/general"
+
+	actionsUnit, err := ctx.Repo.Repository.GetUnit(ctx, unit_model.TypeActions)
+	if err != nil {
+		ctx.ServerError("GetUnit", err)
+		return
+	}
+
+	actionsCfg := actionsUnit.ActionsConfig()
+
+	// Update Override Owner Config (for repos in orgs)
+	// If checked, it means we WANT to override (opt-out of following)
+	actionsCfg.OverrideOwnerConfig = ctx.FormBool("override_owner_config")
+
+	// Update permission mode (only if overriding owner config)
+	shouldUpdate := actionsCfg.OverrideOwnerConfig
+
+	if shouldUpdate {
+		permissionMode, permissionModeValid := util.EnumValue(repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode")))
+		if !permissionModeValid {
+			ctx.Flash.Error("Invalid token permission mode")
+			ctx.Redirect(redirectURL)
+			return
+		}
+		actionsCfg.TokenPermissionMode = permissionMode
+	}
+
+	// Update Maximum Permissions (radio buttons: none/read/write)
+	enableMaxPermissions := ctx.FormBool("enable_max_permissions")
+	if shouldUpdate {
+		if enableMaxPermissions {
+			actionsCfg.MaxTokenPermissions = shared_actions.ParseMaxTokenPermissions(ctx)
+		} else {
+			// If not enabled, ensure any sent permissions are ignored and set to nil
+			actionsCfg.MaxTokenPermissions = nil
+		}
+	}
+
+	if err := repo_model.UpdateRepoUnitConfig(ctx, actionsUnit); err != nil {
+		ctx.ServerError("UpdateRepoUnitConfig", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+	ctx.Redirect(redirectURL)
+}
diff --git a/routers/web/shared/actions/general.go b/routers/web/shared/actions/general.go
new file mode 100644
index 00000000000..8a924f6e1fe
--- /dev/null
+++ b/routers/web/shared/actions/general.go
@@ -0,0 +1,160 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"net/http"
+	"slices"
+	"strconv"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/services/context"
+)
+
+const (
+	tplOrgSettingsActionsGeneral  templates.TplName = "org/settings/actions_general"
+	tplUserSettingsActionsGeneral templates.TplName = "user/settings/actions_general"
+)
+
+// ParseMaxTokenPermissions parses the maximum token permissions from form values
+func ParseMaxTokenPermissions(ctx *context.Context) *repo_model.ActionsTokenPermissions {
+	parseMaxPerm := func(unitType unit.Type) perm.AccessMode {
+		value := ctx.FormString("max_unit_access_mode_" + strconv.Itoa(int(unitType)))
+		switch value {
+		case "write":
+			return perm.AccessModeWrite
+		case "read":
+			return perm.AccessModeRead
+		default:
+			return perm.AccessModeNone
+		}
+	}
+	ret := new(repo_model.MakeActionsTokenPermissions(perm.AccessModeNone))
+	for _, ut := range repo_model.ActionsTokenUnitTypes {
+		ret.UnitAccessModes[ut] = parseMaxPerm(ut)
+	}
+	return ret
+}
+
+// GeneralSettings renders the actions general settings page
+func GeneralSettings(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	if rCtx.IsOrg {
+		ctx.Data["PageIsOrgSettings"] = true
+		ctx.Data["PageIsOrgSettingsActionsGeneral"] = true
+	} else if rCtx.IsUser {
+		ctx.Data["PageIsUserSettings"] = true
+		ctx.Data["PageIsUserSettingsActionsGeneral"] = true
+	} else {
+		ctx.NotFound(nil)
+		return
+	}
+
+	// Load User/Org Actions Config
+	actionsCfg, err := actions_model.GetOwnerActionsConfig(ctx, rCtx.OwnerID)
+	if err != nil {
+		ctx.ServerError("GetOwnerActionsConfig", err)
+		return
+	}
+
+	ctx.Data["TokenPermissionMode"] = actionsCfg.TokenPermissionMode
+	ctx.Data["TokenPermissionModePermissive"] = repo_model.ActionsTokenPermissionModePermissive
+	ctx.Data["TokenPermissionModeRestricted"] = repo_model.ActionsTokenPermissionModeRestricted
+	ctx.Data["MaxTokenPermissions"] = actionsCfg.MaxTokenPermissions
+	if actionsCfg.MaxTokenPermissions == nil {
+		ctx.Data["MaxTokenPermissions"] = (&repo_model.ActionsConfig{}).GetMaxTokenPermissions()
+	}
+	ctx.Data["EnableMaxTokenPermissions"] = actionsCfg.MaxTokenPermissions != nil
+
+	// Load Allowed Repositories
+	allowedRepos, err := repo_model.GetOwnerRepositoriesByIDs(ctx, rCtx.OwnerID, actionsCfg.AllowedCrossRepoIDs)
+	if err != nil {
+		ctx.ServerError("GetOwnerRepositoriesByIDs", err)
+		return
+	}
+
+	ctx.Data["AllowedRepos"] = allowedRepos
+	ctx.Data["OwnerID"] = rCtx.OwnerID
+
+	if rCtx.IsOrg {
+		ctx.HTML(http.StatusOK, tplOrgSettingsActionsGeneral)
+	} else {
+		ctx.HTML(http.StatusOK, tplUserSettingsActionsGeneral)
+	}
+}
+
+// UpdateGeneralSettings responses for actions general settings page
+func UpdateGeneralSettings(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	if !rCtx.IsOrg && !rCtx.IsUser {
+		ctx.NotFound(nil)
+		return
+	}
+
+	actionsCfg, err := actions_model.GetOwnerActionsConfig(ctx, rCtx.OwnerID)
+	if err != nil {
+		ctx.ServerError("GetOwnerActionsConfig", err)
+		return
+	}
+
+	if ctx.FormBool("cross_repo_add_target") {
+		targetRepoName := ctx.FormString("cross_repo_add_target_name")
+		if targetRepoName != "" {
+			targetRepo, err := repo_model.GetRepositoryByName(ctx, rCtx.OwnerID, targetRepoName)
+			if err != nil {
+				if repo_model.IsErrRepoNotExist(err) {
+					ctx.JSONError("Repository doesn't exist")
+					return
+				}
+				ctx.ServerError("GetRepositoryByName", err)
+				return
+			}
+			if !slices.Contains(actionsCfg.AllowedCrossRepoIDs, targetRepo.ID) {
+				actionsCfg.AllowedCrossRepoIDs = append(actionsCfg.AllowedCrossRepoIDs, targetRepo.ID)
+			}
+		}
+	}
+
+	if crossRepoRemoveTargetID := ctx.FormInt64("cross_repo_remove_target_id"); crossRepoRemoveTargetID != 0 {
+		actionsCfg.AllowedCrossRepoIDs = util.SliceRemoveAll(actionsCfg.AllowedCrossRepoIDs, crossRepoRemoveTargetID)
+	}
+
+	// Update Token Permission Mode
+	tokenPermissionMode, tokenPermissionModeValid := util.EnumValue(repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode")))
+	if tokenPermissionModeValid {
+		actionsCfg.TokenPermissionMode = tokenPermissionMode
+		enableMaxPermissions := ctx.FormBool("enable_max_permissions")
+		// Update Maximum Permissions (radio buttons: none/read/write)
+		if enableMaxPermissions {
+			actionsCfg.MaxTokenPermissions = ParseMaxTokenPermissions(ctx)
+		} else {
+			actionsCfg.MaxTokenPermissions = nil
+		}
+	}
+
+	if err := actions_model.SetOwnerActionsConfig(ctx, rCtx.OwnerID, actionsCfg); err != nil {
+		ctx.ServerError("SetOwnerActionsConfig", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("settings.saved_successfully"))
+	ctx.JSONRedirect("") // use JSONRedirect because frontend uses form-fetch-action
+}
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 8a4e93fe820..3609258440c 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"net/url"
 
@@ -58,8 +59,7 @@ func getRunnersCtx(ctx *context.Context) (*runnersCtx, error) {
 
 	if ctx.Data["PageIsOrgSettings"] == true {
 		if _, err := shared_user.RenderUserOrgHeader(ctx); err != nil {
-			ctx.ServerError("RenderUserOrgHeader", err)
-			return nil, nil //nolint:nilnil // error is already handled by ctx.ServerError
+			return nil, fmt.Errorf("RenderUserOrgHeader: %w", err)
 		}
 		return &runnersCtx{
 			RepoID:             0,
diff --git a/routers/web/user/setting/runner.go b/routers/web/user/setting/runner.go
deleted file mode 100644
index 2bb10cceb95..00000000000
--- a/routers/web/user/setting/runner.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package setting
-
-import (
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/context"
-)
-
-func RedirectToDefaultSetting(ctx *context.Context) {
-	ctx.Redirect(setting.AppSubURL + "/user/settings/actions/runners")
-}
diff --git a/routers/web/web.go b/routers/web/web.go
index fd5276e4e08..f09f1bde8fe 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -33,7 +33,6 @@ import (
 	"code.gitea.io/gitea/routers/web/healthcheck"
 	"code.gitea.io/gitea/routers/web/misc"
 	"code.gitea.io/gitea/routers/web/org"
-	org_setting "code.gitea.io/gitea/routers/web/org/setting"
 	"code.gitea.io/gitea/routers/web/repo"
 	"code.gitea.io/gitea/routers/web/repo/actions"
 	repo_setting "code.gitea.io/gitea/routers/web/repo/setting"
@@ -693,7 +692,11 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
 		}, packagesEnabled)
 
 		m.Group("/actions", func() {
-			m.Get("", user_setting.RedirectToDefaultSetting)
+			m.Get("", misc.LocationRedirect("./actions/general"))
+			m.Group("/general", func() {
+				m.Get("", shared_actions.GeneralSettings)
+				m.Post("", shared_actions.UpdateGeneralSettings)
+			})
 			addSettingsRunnersRoutes()
 			addSettingsSecretsRoutes()
 			addSettingsVariablesRoutes()
@@ -846,7 +849,7 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
 		}, oauth2Enabled)
 
 		m.Group("/actions", func() {
-			m.Get("", admin.RedirectToDefaultSetting)
+			m.Get("", misc.LocationRedirect("./actions/runners"))
 			addSettingsRunnersRoutes()
 			addSettingsVariablesRoutes()
 		})
@@ -998,7 +1001,11 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
 				})
 
 				m.Group("/actions", func() {
-					m.Get("", org_setting.RedirectToDefaultSetting)
+					m.Get("", misc.LocationRedirect("./actions/general"))
+					m.Group("/general", func() {
+						m.Get("", shared_actions.GeneralSettings)
+						m.Post("", shared_actions.UpdateGeneralSettings)
+					})
 					addSettingsRunnersRoutes()
 					addSettingsSecretsRoutes()
 					addSettingsVariablesRoutes()
@@ -1202,9 +1209,9 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
 		m.Group("/actions/general", func() {
 			m.Get("", repo_setting.ActionsGeneralSettings)
 			m.Post("/actions_unit", repo_setting.ActionsUnitPost)
-		})
+		}) // doesn't require actions enabled
 		m.Group("/actions", func() {
-			m.Get("", shared_actions.RedirectToDefaultSetting)
+			m.Get("", misc.LocationRedirect("./actions/general"))
 			addSettingsRunnersRoutes()
 			addSettingsSecretsRoutes()
 			addSettingsVariablesRoutes()
@@ -1213,6 +1220,7 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
 					m.Post("/add", repo_setting.AddCollaborativeOwner)
 					m.Post("/delete", repo_setting.DeleteCollaborativeOwner)
 				})
+				m.Post("/token_permissions", repo_setting.UpdateTokenPermissions)
 			})
 		}, actions.MustEnableActions)
 		// the follow handler must be under "settings", otherwise this incomplete repo can't be accessed
diff --git a/services/actions/permission_parser.go b/services/actions/permission_parser.go
new file mode 100644
index 00000000000..9ff6134a7ac
--- /dev/null
+++ b/services/actions/permission_parser.go
@@ -0,0 +1,141 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/actions/jobparser"
+	"code.gitea.io/gitea/modules/setting"
+
+	"go.yaml.in/yaml/v4"
+)
+
+// ExtractJobPermissionsFromWorkflow extracts permissions from an already parsed workflow/job.
+// It returns nil if neither workflow nor job explicitly specifies permissions.
+func ExtractJobPermissionsFromWorkflow(flow *jobparser.SingleWorkflow, job *jobparser.Job) *repo_model.ActionsTokenPermissions {
+	if flow == nil || job == nil {
+		return nil
+	}
+
+	jobPerms := parseRawPermissionsExplicit(&job.RawPermissions)
+	if jobPerms != nil {
+		return jobPerms
+	}
+
+	workflowPerms := parseRawPermissionsExplicit(&flow.RawPermissions)
+	if workflowPerms != nil {
+		return workflowPerms
+	}
+
+	return nil
+}
+
+// parseRawPermissionsExplicit parses a YAML permissions node and returns only explicit scopes.
+// It returns nil if the node does not explicitly specify permissions.
+func parseRawPermissionsExplicit(rawPerms *yaml.Node) *repo_model.ActionsTokenPermissions {
+	if rawPerms == nil || (rawPerms.Kind == yaml.ScalarNode && rawPerms.Value == "") {
+		return nil
+	}
+
+	// Unwrap DocumentNode and resolve AliasNode
+	node := rawPerms
+	for node.Kind == yaml.DocumentNode || node.Kind == yaml.AliasNode {
+		if node.Kind == yaml.DocumentNode {
+			if len(node.Content) == 0 {
+				return nil
+			}
+			node = node.Content[0]
+		} else {
+			node = node.Alias
+		}
+	}
+
+	if node.Kind == yaml.ScalarNode && node.Value == "" {
+		return nil
+	}
+
+	// Handle scalar values: "read-all" or "write-all"
+	if node.Kind == yaml.ScalarNode {
+		switch node.Value {
+		case "read-all":
+			return new(repo_model.MakeActionsTokenPermissions(perm.AccessModeRead))
+		case "write-all":
+			return new(repo_model.MakeActionsTokenPermissions(perm.AccessModeWrite))
+		default:
+			// Explicit but unrecognized scalar: return all-none permissions.
+			return new(repo_model.MakeActionsTokenPermissions(perm.AccessModeNone))
+		}
+	}
+
+	// Handle mapping: individual permission scopes
+	if node.Kind == yaml.MappingNode {
+		result := repo_model.MakeActionsTokenPermissions(perm.AccessModeNone)
+
+		// Collect all scopes into a map first to handle priority
+		scopes := make(map[string]perm.AccessMode)
+		for i := 0; i < len(node.Content); i += 2 {
+			if i+1 >= len(node.Content) {
+				break
+			}
+			keyNode := node.Content[i]
+			valueNode := node.Content[i+1]
+
+			if keyNode.Kind != yaml.ScalarNode || valueNode.Kind != yaml.ScalarNode {
+				continue
+			}
+
+			scopes[keyNode.Value] = parseAccessMode(valueNode.Value)
+		}
+
+		// 1. Apply 'contents' first (lower priority)
+		if mode, ok := scopes["contents"]; ok {
+			result.UnitAccessModes[unit.TypeCode] = mode
+			result.UnitAccessModes[unit.TypeReleases] = mode
+		}
+
+		// 2. Apply all other scopes (overwrites contents if specified)
+		for scope, mode := range scopes {
+			switch scope {
+			case "contents":
+				// already handled
+			case "code":
+				result.UnitAccessModes[unit.TypeCode] = mode
+			case "issues":
+				result.UnitAccessModes[unit.TypeIssues] = mode
+			case "pull-requests":
+				result.UnitAccessModes[unit.TypePullRequests] = mode
+			case "packages":
+				result.UnitAccessModes[unit.TypePackages] = mode
+			case "actions":
+				result.UnitAccessModes[unit.TypeActions] = mode
+			case "wiki":
+				result.UnitAccessModes[unit.TypeWiki] = mode
+			case "releases":
+				result.UnitAccessModes[unit.TypeReleases] = mode
+			case "projects":
+				result.UnitAccessModes[unit.TypeProjects] = mode
+			default:
+				setting.PanicInDevOrTesting("Unrecognized permission scope: %s", scope)
+			}
+		}
+
+		return &result
+	}
+
+	return nil
+}
+
+// parseAccessMode converts a string access level to perm.AccessMode
+func parseAccessMode(s string) perm.AccessMode {
+	switch s {
+	case "write":
+		return perm.AccessModeWrite
+	case "read":
+		return perm.AccessModeRead
+	default:
+		return perm.AccessModeNone
+	}
+}
diff --git a/services/actions/permission_parser_test.go b/services/actions/permission_parser_test.go
new file mode 100644
index 00000000000..06352516fd8
--- /dev/null
+++ b/services/actions/permission_parser_test.go
@@ -0,0 +1,196 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/actions/jobparser"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.yaml.in/yaml/v4"
+)
+
+func TestParseRawPermissions_ReadAll(t *testing.T) {
+	var rawPerms yaml.Node
+	err := yaml.Unmarshal([]byte(`read-all`), &rawPerms)
+	assert.NoError(t, err)
+
+	result := parseRawPermissionsExplicit(&rawPerms)
+	require.NotNil(t, result)
+
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeCode])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeIssues])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypePullRequests])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypePackages])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeActions])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeWiki])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeProjects])
+}
+
+func TestParseRawPermissions_WriteAll(t *testing.T) {
+	var rawPerms yaml.Node
+	err := yaml.Unmarshal([]byte(`write-all`), &rawPerms)
+	assert.NoError(t, err)
+
+	result := parseRawPermissionsExplicit(&rawPerms)
+	require.NotNil(t, result)
+
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeCode])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeIssues])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypePullRequests])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypePackages])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeActions])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeWiki])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeProjects])
+}
+
+func TestParseRawPermissions_IndividualScopes(t *testing.T) {
+	yamlContent := `
+contents: write
+issues: read
+pull-requests: none
+packages: write
+actions: read
+wiki: write
+projects: none
+`
+	var rawPerms yaml.Node
+	err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
+	assert.NoError(t, err)
+
+	result := parseRawPermissionsExplicit(&rawPerms)
+	require.NotNil(t, result)
+
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeCode])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeIssues])
+	assert.Equal(t, perm.AccessModeNone, result.UnitAccessModes[unit.TypePullRequests])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypePackages])
+	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeActions])
+	assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeWiki])
+	assert.Equal(t, perm.AccessModeNone, result.UnitAccessModes[unit.TypeProjects])
+}
+
+func TestParseRawPermissions_Priority(t *testing.T) {
+	t.Run("granular-wins-over-contents", func(t *testing.T) {
+		yamlContent := `
+contents: read
+code: write
+releases: none
+`
+		var rawPerms yaml.Node
+		err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
+		assert.NoError(t, err)
+
+		result := parseRawPermissionsExplicit(&rawPerms)
+		require.NotNil(t, result)
+
+		assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeCode])
+		assert.Equal(t, perm.AccessModeNone, result.UnitAccessModes[unit.TypeReleases])
+	})
+
+	t.Run("contents-applied-first", func(t *testing.T) {
+		yamlContent := `
+code: none
+releases: write
+contents: read
+`
+		var rawPerms yaml.Node
+		err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
+		assert.NoError(t, err)
+
+		result := parseRawPermissionsExplicit(&rawPerms)
+		require.NotNil(t, result)
+
+		// code: none should win over contents: read
+		assert.Equal(t, perm.AccessModeNone, result.UnitAccessModes[unit.TypeCode])
+		// releases: write should win over contents: read
+		assert.Equal(t, perm.AccessModeWrite, result.UnitAccessModes[unit.TypeReleases])
+	})
+}
+
+func TestParseRawPermissions_EmptyNode(t *testing.T) {
+	var rawPerms yaml.Node
+	// Empty node
+
+	result := parseRawPermissionsExplicit(&rawPerms)
+
+	// Should return nil for non-explicit
+	assert.Nil(t, result)
+}
+
+func TestParseRawPermissions_NilNode(t *testing.T) {
+	result := parseRawPermissionsExplicit(nil)
+
+	// Should return nil
+	assert.Nil(t, result)
+}
+
+func TestParseAccessMode(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected perm.AccessMode
+	}{
+		{"write", perm.AccessModeWrite},
+		{"read", perm.AccessModeRead},
+		{"none", perm.AccessModeNone},
+		{"", perm.AccessModeNone},
+		{"invalid", perm.AccessModeNone},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.input, func(t *testing.T) {
+			result := parseAccessMode(tt.input)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
+
+func TestExtractJobPermissionsFromWorkflow(t *testing.T) {
+	workflowYAML := `
+name: Test Permissions
+on: workflow_dispatch
+permissions: read-all
+
+jobs:
+  job-read-only:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Full read-only"
+
+  job-none-perms:
+    permissions: none
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Full read-only"
+
+  job-override:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - run: echo "Override to write"
+`
+
+	expectedPerms := map[string]*repo_model.ActionsTokenPermissions{}
+	expectedPerms["job-read-only"] = new(repo_model.MakeActionsTokenPermissions(perm.AccessModeRead))
+	expectedPerms["job-none-perms"] = new(repo_model.MakeActionsTokenPermissions(perm.AccessModeNone))
+	expectedPerms["job-override"] = new(repo_model.MakeActionsTokenPermissions(perm.AccessModeNone))
+	expectedPerms["job-override"].UnitAccessModes[unit.TypeCode] = perm.AccessModeWrite
+	expectedPerms["job-override"].UnitAccessModes[unit.TypeReleases] = perm.AccessModeWrite
+
+	singleWorkflows, err := jobparser.Parse([]byte(workflowYAML))
+	require.NoError(t, err)
+	for _, flow := range singleWorkflows {
+		jobID, jobDef := flow.Job()
+		require.NotNil(t, jobDef)
+		t.Run(jobID, func(t *testing.T) {
+			assert.Equal(t, expectedPerms[jobID], ExtractJobPermissionsFromWorkflow(flow, jobDef))
+		})
+	}
+}
diff --git a/services/actions/run.go b/services/actions/run.go
index c9eadc48d1e..e9fcdcaf43d 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -103,6 +103,7 @@ func InsertRun(ctx context.Context, run *actions_model.ActionRun, jobs []*jobpar
 
 		runJobs := make([]*actions_model.ActionRunJob, 0, len(jobs))
 		var hasWaitingJobs bool
+
 		for _, v := range jobs {
 			id, job := v.Job()
 			needs := job.Needs()
@@ -127,6 +128,11 @@ func InsertRun(ctx context.Context, run *actions_model.ActionRun, jobs []*jobpar
 				RunsOn:            job.RunsOn(),
 				Status:            util.Iif(shouldBlockJob, actions_model.StatusBlocked, actions_model.StatusWaiting),
 			}
+			// Parse workflow/job permissions (no clamping here)
+			if perms := ExtractJobPermissionsFromWorkflow(v, job); perms != nil {
+				runJob.TokenPermissions = perms
+			}
+
 			// check job concurrency
 			if job.RawConcurrency != nil {
 				rawConcurrency, err := yaml.Marshal(job.RawConcurrency)
diff --git a/services/actions/token_permission_design.md b/services/actions/token_permission_design.md
new file mode 100644
index 00000000000..d5318606d03
--- /dev/null
+++ b/services/actions/token_permission_design.md
@@ -0,0 +1,123 @@
+# Actions Token Permission System Design
+
+This document details the design of the Actions Token Permission system within Gitea, originally proposed in [#24635](https://github.com/go-gitea/gitea/issues/24635).
+
+## Design Philosophy & GitHub Differences
+
+Gitea Actions uses a **strict clamping mechanism** for token permissions.
+While workflows can request explicit permissions that exceed the repository's default baseline
+(e.g., requesting `write` when the default mode is `Restricted`),
+these requests are always bounded by a hard ceiling.
+
+The maximum allowable permissions (`MaxTokenPermissions`) are set at the Repository or Organization level.
+**Any permissions requested by a workflow are strictly clamped by this ceiling policy.**
+This ensures that workflows cannot bypass organizational or repository-level security restrictions.
+
+## Terminology
+
+### 1. `GITEA_TOKEN`
+- The automatic token generated for each Actions job.
+- Its permissions (read/write/none) are scoped to the repository and specific features (Code, Issues, etc.).
+
+### 2. Token Permission Mode
+- The default access level granted to a token when no explicit `permissions:` block is present in a workflow.
+- **Permissive**: Grants `write` access to most repository scopes by default.
+- **Restricted**: Grants `read` access (or none) to repository scopes by default.
+
+### 3. Actions Token Permissions
+- A structure representing the granular permission scopes available to a token.
+- Includes scopes like: Code, Releases (both grouped under `contents` in workflow syntax),
+  Issues, PullRequests, Actions, Wiki, and Projects.
+- **Note**: The `Packages` scope is supported in workflow/job `permissions:` blocks
+  but is currently hidden from the settings UI.
+
+### 4. Cross-Repository Access
+- By default, a token can access the repository where the workflow is running,
+  as well as any **public repositories (read-only)** on the instance.
+- Users and organizations can configure an `AllowedCrossRepoIDs` list in their owner-level settings
+  to grant the token **read-only** access to other private/internal repositories they own.
+- If the `AllowedCrossRepoIDs` list is empty, there is no cross-repository access
+  to other private repositories (default for enhanced security).
+- In any configuration, individual jobs can disable or limit cross-repo access
+  by explicitly restricting their permissions (e.g., `permissions: none`).
+- **Note on Forks**: Cross-repository access to private repositories is fundamentally denied
+  for workflows triggered by fork pull requests (see [Special Cases](#2-fork-pull-requests)).
+
+## Token Lifecycle & Permission Evaluation
+
+When a job starts, Gitea evaluates the requested permissions for the `GITEA_TOKEN` through a multistep clamping process:
+
+### Step 1: Determine Base Permissions From Workflow
+- If the job explicitly specifies a valid `permissions:` block, Gitea parses it.
+- If the job inherits a top-level `permissions:` block, Gitea parses that.
+- If an invalid or unparseable `permissions:` block is specified, or no explicit permissions are defined at all,
+  Gitea falls back to using the repository's default `TokenPermissionMode` (Permissive or Restricted)
+  to generate base permissions.
+
+### Step 2: Apply Repository Clamping
+- Repositories can define `MaxTokenPermissions` in their Actions settings.
+- The base permissions from Step 1 are clamped against these maximum allowed permissions.
+- If the repository says `Issues: read` and the workflow requests `Issues: write`, the final token gets `Issues: read`.
+
+### Step 3: Apply Organization/User Clamping (Hierarchical Override)
+- The organization (or user) has an owner-level configuration (`UserActionsConfig`) containing `MaxTokenPermissions`,
+  and these restrictions cascade down.
+- The repository's clamping limits cannot exceed the owner's limits
+  UNLESS the repository explicitly enables `OverrideOwnerConfig`.
+- If `OverrideOwnerConfig` is false, and the owner sets `MaxTokenPermissions` to `read` for all scopes,
+  no repository under that owner can grant `write` access, regardless of their own settings or the workflow's request.
+
+## Parsing Priority for "contents" Scope
+
+In GitHub Actions compatibility, the `contents` scope maps to multiple granular scopes in Gitea.
+- `contents: write` maps to `Code: write` and `Releases: write`.
+- When a workflow specifies both `contents` and a more granular scope (e.g., `code`),
+  the granular scope takes absolute priority.
+
+**Example YAML**:
+```yaml
+permissions:
+  contents: write
+  code: read
+```
+**Result**: The token gets `Code: read` (from granular) and `Releases: write` (from contents).
+
+## Special Cases & Edge Scenarios
+
+### 1. Empty Permissions Mapping (`permissions: {}`)
+- Explicitly setting an empty mapping means "revoke all permissions".
+- The token gets `none` for all scopes.
+
+### 2. Fork Pull Requests
+- Workflows triggered by Pull Requests from forks inherently operate in `Restricted` mode for security reasons.
+- The base permissions for the current repository are automatically downgraded to `read` (or `none`),
+  preventing untrusted code from modifying the repository.
+- **Cross-Repo Access in Forks**: For workflows triggered by fork pull requests, cross-repository access
+  to other private repositories is strictly denied, regardless of the `AllowedCrossRepoIDs` configuration.
+  Fork PRs can only read the target repository and truly public repositories.
+
+### 3. Public Repositories in Cross-Repo Access
+- As mentioned in Cross-Repository Access, truly public repositories can always be read by the token,
+  regardless of the `AllowedCrossRepoIDs` setting. The allowed list only governs access
+  to private/internal repositories owned by the same user or organization.
+
+## Packages Registry
+
+"Packages" belong to "owner" but not "repository". Although there is a function "linking a package to a repository",
+in most cases it doesn't really work. When accessing a package, usually there is no information about a repository.
+So the "packages" permission should be designed separately from other permissions.
+
+A possible approach is like this: let owner set packages permissions, and make the repositories follow.
+
+- On owner-level:
+   - Add a "Packages" permission section
+   - "Default permissions for all repositories" can be set to none/read/write
+   - Set different permissions for selected repositories (if needed), like the "Collaborators" permission setting
+
+- On repository-level:
+   - Now a repository can have "Packages" permission
+   - The repository-level "Packages" permission is clamped by the owner-level "Packages" permission
+   - If the owner-level "Packages" permission for this repository is read,
+     then the repository cannot set its "Packages" permission to write
+
+Maybe reusing the "org teams" permission system is a good choice: bind a repository's Actions token to a team.
diff --git a/services/actions/workflow.go b/services/actions/workflow.go
index faa540421fb..b41741403fd 100644
--- a/services/actions/workflow.go
+++ b/services/actions/workflow.go
@@ -41,7 +41,7 @@ func EnableOrDisableWorkflow(ctx *context.APIContext, workflowID string, isEnabl
 		cfg.DisableWorkflow(workflow.ID)
 	}
 
-	return repo_model.UpdateRepoUnit(ctx, cfgUnit)
+	return repo_model.UpdateRepoUnitConfig(ctx, cfgUnit)
 }
 
 func DispatchActionWorkflow(ctx reqctx.RequestContext, doer *user_model.User, repo *repo_model.Repository, gitRepo *git.Repository, workflowID, ref string, processInputs func(model *model.WorkflowDispatch, inputs map[string]any) error) (runID int64, _ error) {
diff --git a/services/doctor/fix16961.go b/services/doctor/fix16961.go
index 50d9ac6621a..63e33350ad5 100644
--- a/services/doctor/fix16961.go
+++ b/services/doctor/fix16961.go
@@ -296,7 +296,7 @@ func fixBrokenRepoUnits16961(ctx context.Context, logger log.Logger, autofix boo
 				return nil
 			}
 
-			return repo_model.UpdateRepoUnit(ctx, repoUnit)
+			return repo_model.UpdateRepoUnitConfig(ctx, repoUnit)
 		},
 	)
 	if err != nil {
diff --git a/services/pull/update_test.go b/services/pull/update_test.go
index 4b5772e35d5..0bb67544455 100644
--- a/services/pull/update_test.go
+++ b/services/pull/update_test.go
@@ -26,7 +26,7 @@ func TestIsUserAllowedToUpdate(t *testing.T) {
 	setRepoAllowRebaseUpdate := func(t *testing.T, repoID int64, allow bool) {
 		repoUnit := unittest.AssertExistsAndLoadBean(t, &repo_model.RepoUnit{RepoID: repoID, Type: unit.TypePullRequests})
 		repoUnit.PullRequestsConfig().AllowRebaseUpdate = allow
-		require.NoError(t, repo_model.UpdateRepoUnit(t.Context(), repoUnit))
+		require.NoError(t, repo_model.UpdateRepoUnitConfig(t.Context(), repoUnit))
 	}
 
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
diff --git a/services/repository/transfer.go b/services/repository/transfer.go
index a601ee6f168..fbf357c3667 100644
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strings"
 
+	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
 	"code.gitea.io/gitea/models/organization"
@@ -246,6 +247,19 @@ func transferOwnership(ctx context.Context, doer *user_model.User, newOwnerName
 		return fmt.Errorf("recalculateAccesses: %w", err)
 	}
 
+	// Remove repository from old owner's Actions AllowedCrossRepoIDs if present
+	if oldActionsCfg, err := actions_model.GetOwnerActionsConfig(ctx, oldOwner.ID); err == nil {
+		newAllowedCrossRepoIDs := util.SliceRemoveAll(oldActionsCfg.AllowedCrossRepoIDs, repo.ID)
+		if len(newAllowedCrossRepoIDs) != len(oldActionsCfg.AllowedCrossRepoIDs) {
+			oldActionsCfg.AllowedCrossRepoIDs = newAllowedCrossRepoIDs
+			if err := actions_model.SetOwnerActionsConfig(ctx, oldOwner.ID, oldActionsCfg); err != nil {
+				return fmt.Errorf("SetOwnerActionsConfig: %w", err)
+			}
+		}
+	} else {
+		return fmt.Errorf("GetOwnerActionsConfig: %w", err)
+	}
+
 	// Update repository count.
 	if _, err := sess.Exec("UPDATE `user` SET num_repos=num_repos+1 WHERE id=?", newOwner.ID); err != nil {
 		return fmt.Errorf("increase new owner repository count: %w", err)
diff --git a/templates/org/settings/actions_general.tmpl b/templates/org/settings/actions_general.tmpl
new file mode 100644
index 00000000000..ebf9482f614
--- /dev/null
+++ b/templates/org/settings/actions_general.tmpl
@@ -0,0 +1,5 @@
+{{template "org/settings/layout_head" (dict "ctxData" .)}}
+<div class="org-setting-content">
+	{{template "shared/actions/owner_general_settings" .}}
+</div>
+{{template "org/settings/layout_footer" .}}
diff --git a/templates/org/settings/navbar.tmpl b/templates/org/settings/navbar.tmpl
index 58475de7e7a..4c06b2cb1ba 100644
--- a/templates/org/settings/navbar.tmpl
+++ b/templates/org/settings/navbar.tmpl
@@ -26,9 +26,12 @@
 		</a>
 		{{end}}
 		{{if .EnableActions}}
-		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
+		<details class="item toggleable-item" {{if or .PageIsOrgSettingsActionsGeneral .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "actions.actions"}}</summary>
 			<div class="menu">
+				<a class="{{if .PageIsOrgSettingsActionsGeneral}}active {{end}}item" href="{{.OrgLink}}/settings/actions">
+					{{ctx.Locale.Tr "settings.general"}}
+				</a>
 				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{.OrgLink}}/settings/actions/runners">
 					{{ctx.Locale.Tr "actions.runners"}}
 				</a>
diff --git a/templates/repo/settings/actions_general.tmpl b/templates/repo/settings/actions_general.tmpl
index 24f59bd4534..c4f55698345 100644
--- a/templates/repo/settings/actions_general.tmpl
+++ b/templates/repo/settings/actions_general.tmpl
@@ -1,10 +1,11 @@
+{{$isActionsEnabled := .Repository.UnitEnabled ctx ctx.Consts.RepoUnitTypeActions}}
 <div class="repo-setting-content">
+	<!-- Enable/Disable Actions Section (First) -->
 	<h4 class="ui top attached header">
 		{{ctx.Locale.Tr "actions.general.enable_actions"}}
 	</h4>
 	<div class="ui attached segment">
 		<form class="ui form" action="{{.Link}}/actions_unit" method="post">
-			{{$isActionsEnabled := .Repository.UnitEnabled ctx ctx.Consts.RepoUnitTypeActions}}
 			{{$isActionsGlobalDisabled := ctx.Consts.RepoUnitTypeActions.UnitGlobalDisabled}}
 			<div class="inline field">
 				<label>{{ctx.Locale.Tr "actions.actions"}}</label>
@@ -22,8 +23,40 @@
 		</form>
 	</div>
 
-{{if and .EnableActions (.Permission.CanRead ctx.Consts.RepoUnitTypeActions)}}
+{{if $isActionsEnabled}}
+	<!-- Token Permissions Section -->
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.general.permissions"}}
+	</h4>
+	<div class="ui attached segment">
+		<form class="ui form" action="{{.RepoLink}}/settings/actions/general/token_permissions" method="post" data-global-init="initRepoActionsPermissionsForm">
+			<!-- Override Owner Configuration -->
+			<div class="field">
+				<div class="ui checkbox">
+					<input type="checkbox" name="override_owner_config" {{if .OverrideOwnerConfig}}checked{{end}}>
+					<label><strong>{{ctx.Locale.Tr "actions.general.token_permissions.override_owner"}}</strong></label>
+				</div>
+				<div class="help">{{ctx.Locale.Tr "actions.general.token_permissions.override_owner_desc"}}</div>
+			</div>
+
+			<div class="divider"></div>
+
+			<div class="field js-repo-token-permissions-config">
+				{{template "shared/actions/permission_mode_select" .}}
+				<div class="divider"></div>
+				{{template "shared/actions/permissions_table" .}}
+			</div>
+
+			<div class="field">
+				<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
+			</div>
+		</form>
+	</div>
+{{end}}
+
+{{if $isActionsEnabled}}
 	{{if .Repository.IsPrivate}}
+	<!-- Collaborative Owners Section -->
 	<h4 class="ui top attached header">
 		{{ctx.Locale.Tr "actions.general.collaborative_owners_management"}}
 	</h4>
diff --git a/templates/shared/actions/owner_general_settings.tmpl b/templates/shared/actions/owner_general_settings.tmpl
new file mode 100644
index 00000000000..39a79c94c27
--- /dev/null
+++ b/templates/shared/actions/owner_general_settings.tmpl
@@ -0,0 +1,58 @@
+<h4 class="ui top attached header">
+	{{ctx.Locale.Tr "actions.general.cross_repo"}}
+</h4>
+<div class="ui attached segment">
+	<form class="ui form form-fetch-action " action="{{.Link}}" method="post">
+		<!-- Cross-Repository Access -->
+		<div class="help">{{ctx.Locale.Tr "actions.general.cross_repo_desc"}}</div>
+
+		<!-- Allowed Repositories List -->
+		<div class="field tw-mt-4">
+			<h5 class="ui header">
+				{{ctx.Locale.Tr "actions.general.cross_repo_target_repos"}}
+			</h5>
+			<div class="ui attached segment tw-p-2">
+				<div class="ui divided relaxed list flex-items-block muted-links">
+					{{range $repo := .AllowedRepos}}
+					<div class="item">
+						{{template "repo/icon" $repo}}
+						<a class="tw-flex-1" href="{{$repo.Link}}">{{$repo.FullName}}</a>
+						<button class="ui red compact tiny button link-action" type="button" data-url="?cross_repo_remove_target_id={{$repo.ID}}">{{ctx.Locale.Tr "remove"}}</button>
+					</div>
+					{{else}}
+					<div class="item">
+						{{ctx.Locale.Tr "org.repos.none"}}
+					</div>
+					{{end}}
+				</div>
+			</div>
+
+			<h5 class="ui header">
+				{{ctx.Locale.Tr "actions.general.cross_repo_add"}}
+			</h5>
+			<div class="flex-text-block">
+				<div data-global-init="initSearchRepoBox" data-uid="{{.OwnerID}}" data-exclusive="true" class="ui search tw-flex-1">
+					<div class="ui input">
+						<input class="prompt" name="cross_repo_add_target_name" required placeholder="{{ctx.Locale.Tr "search.repo_kind"}}" autocomplete="off">
+					</div>
+				</div>
+				<button class="ui primary button" type="submit" name="cross_repo_add_target" value="true">{{ctx.Locale.Tr "add"}}</button>
+			</div>
+		</div>
+	</form>
+</div>
+
+<h4 class="ui top attached header">
+	{{ctx.Locale.Tr "actions.general.permissions"}}
+</h4>
+<div class="ui attached segment">
+	<form class="ui form form-fetch-action" action="{{.Link}}" method="post" data-global-init="initOwnerActionsPermissionsForm">
+		{{template "shared/actions/permission_mode_select" .}}
+		<div class="divider"></div>
+		{{template "shared/actions/permissions_table" .}}
+
+		<div class="field">
+			<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_settings"}}</button>
+		</div>
+	</form>
+</div>
diff --git a/templates/shared/actions/permission_mode_select.tmpl b/templates/shared/actions/permission_mode_select.tmpl
new file mode 100644
index 00000000000..f968a7d4508
--- /dev/null
+++ b/templates/shared/actions/permission_mode_select.tmpl
@@ -0,0 +1,18 @@
+<div class="field js-permission-mode-section">
+	<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode"}}</label>
+	<div class="help">{{ctx.Locale.Tr "actions.general.token_permissions.mode.desc"}}</div>
+	<div class="field">
+		<div class="ui radio checkbox">
+			<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModePermissive}}" {{if eq .TokenPermissionMode .TokenPermissionModePermissive}}checked{{end}}>
+			<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode.permissive"}}</label>
+			<div class="help">{{ctx.Locale.Tr "actions.general.token_permissions.mode.permissive.desc"}}</div>
+		</div>
+	</div>
+	<div class="field">
+		<div class="ui radio checkbox">
+			<input type="radio" name="token_permission_mode" value="{{.TokenPermissionModeRestricted}}" {{if eq .TokenPermissionMode .TokenPermissionModeRestricted}}checked{{end}}>
+			<label>{{ctx.Locale.Tr "actions.general.token_permissions.mode.restricted"}}</label>
+			<div class="help">{{ctx.Locale.Tr "actions.general.token_permissions.mode.restricted.desc"}}</div>
+		</div>
+	</div>
+</div>
diff --git a/templates/shared/actions/permissions_table.tmpl b/templates/shared/actions/permissions_table.tmpl
new file mode 100644
index 00000000000..7181d22ca0a
--- /dev/null
+++ b/templates/shared/actions/permissions_table.tmpl
@@ -0,0 +1,77 @@
+<div class="field">
+	<label>{{ctx.Locale.Tr "actions.general.token_permissions.maximum"}}</label>
+
+	<div class="help">
+		{{ctx.Locale.Tr "actions.general.token_permissions.maximum.description"}}
+		<br>
+		{{ctx.Locale.Tr "actions.general.token_permissions.fork_pr_note"}}
+	</div>
+
+	<div class="field">
+		<div class="ui checkbox">
+			<input type="checkbox" name="enable_max_permissions" {{if .EnableMaxTokenPermissions}}checked{{end}}>
+			<label>{{ctx.Locale.Tr "actions.general.token_permissions.customize_max_permissions"}}</label>
+		</div>
+	</div>
+
+	<table class="ui celled table js-permissions-table">
+		<thead>
+			<tr>
+				<th class="tw-w-2/5">{{ctx.Locale.Tr "units.unit"}}</th>
+				<th class="tw-text-center">{{ctx.Locale.Tr "org.teams.none_access"}}
+					<span class="tw-align-middle" data-tooltip-content="{{ctx.Locale.Tr "org.teams.none_access_helper"}}">{{svg "octicon-question" 16 "tw-ml-1"}}</span>
+				</th>
+				<th class="tw-text-center">{{ctx.Locale.Tr "org.teams.read_access"}}
+					<span class="tw-align-middle" data-tooltip-content="{{ctx.Locale.Tr "org.teams.read_access_helper"}}">{{svg "octicon-question" 16 "tw-ml-1"}}</span>
+				</th>
+				<th class="tw-text-center">{{ctx.Locale.Tr "org.teams.write_access"}}
+					<span class="tw-align-middle" data-tooltip-content="{{ctx.Locale.Tr "org.teams.write_access_helper"}}">{{svg "octicon-question" 16 "tw-ml-1"}}</span>
+				</th>
+			</tr>
+		</thead>
+		<tbody>
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeCode
+				"UnitDisplayName" (ctx.Locale.Tr "repo.code")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.code.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeCode)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeIssues
+				"UnitDisplayName" (ctx.Locale.Tr "repo.issues")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.issues.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeIssues)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypePullRequests
+				"UnitDisplayName" (ctx.Locale.Tr "repo.pulls")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.pulls.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypePullRequests)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeWiki
+				"UnitDisplayName" (ctx.Locale.Tr "repo.wiki")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.wiki.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeWiki)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeReleases
+				"UnitDisplayName" (ctx.Locale.Tr "repo.releases")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.releases.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeReleases)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeProjects
+				"UnitDisplayName" (ctx.Locale.Tr "repo.projects")
+				"UnitDisplayDesc" (ctx.Locale.Tr "repo.projects.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeProjects)
+			)}}
+			{{template "shared/actions/permissions_table_unit" (dict
+				"UnitType" ctx.Consts.RepoUnitTypeActions
+				"UnitDisplayName" (ctx.Locale.Tr "repo.actions")
+				"UnitDisplayDesc" (ctx.Locale.Tr "actions.unit.desc")
+				"UnitAccessMode" (index $.MaxTokenPermissions.UnitAccessModes ctx.Consts.RepoUnitTypeActions)
+			)}}
+		</tbody>
+	</table>
+</div>
diff --git a/templates/shared/actions/permissions_table_unit.tmpl b/templates/shared/actions/permissions_table_unit.tmpl
new file mode 100644
index 00000000000..3d37ed9abf7
--- /dev/null
+++ b/templates/shared/actions/permissions_table_unit.tmpl
@@ -0,0 +1,24 @@
+<tr>
+	<td>
+		<strong>{{.UnitDisplayName}}</strong>
+		<div class="help">{{.UnitDisplayDesc}}</div>
+	</td>
+	<td class="tw-text-center">
+		<div class="ui radio checkbox">
+			<input type="radio" name="max_unit_access_mode_{{.UnitType}}" value="none" {{if not .UnitAccessMode}}checked{{end}} title="{{ctx.Locale.Tr "org.teams.none_access"}}">
+			<label></label>
+		</div>
+	</td>
+	<td class="tw-text-center">
+		<div class="ui radio checkbox">
+			<input type="radio" name="max_unit_access_mode_{{.UnitType}}" value="read" {{if eq .UnitAccessMode 1}}checked{{end}} title="{{ctx.Locale.Tr "org.teams.read_access"}}">
+			<label></label>
+		</div>
+	</td>
+	<td class="tw-text-center">
+		<div class="ui radio checkbox">
+			<input type="radio" name="max_unit_access_mode_{{.UnitType}}" value="write" {{if eq .UnitAccessMode 2}}checked{{end}} title="{{ctx.Locale.Tr "org.teams.write_access"}}">
+			<label></label>
+		</div>
+	</td>
+</tr>
diff --git a/templates/user/settings/actions_general.tmpl b/templates/user/settings/actions_general.tmpl
new file mode 100644
index 00000000000..86ad0d1dd38
--- /dev/null
+++ b/templates/user/settings/actions_general.tmpl
@@ -0,0 +1,3 @@
+{{template "user/settings/layout_head" (dict "ctxData" .)}}
+{{template "shared/actions/owner_general_settings" .}}
+{{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl
index 34e089a68a9..e2bc72ca5f9 100644
--- a/templates/user/settings/navbar.tmpl
+++ b/templates/user/settings/navbar.tmpl
@@ -34,9 +34,12 @@
 		</a>
 		{{end}}
 		{{if .EnableActions}}
-		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
+		<details class="item toggleable-item" {{if or .PageIsUserSettingsActionsGeneral .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets .PageIsSharedSettingsVariables}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "actions.actions"}}</summary>
 			<div class="menu">
+				<a class="{{if .PageIsUserSettingsActionsGeneral}}active {{end}}item" href="{{AppSubUrl}}/user/settings/actions/general">
+					{{ctx.Locale.Tr "actions.general"}}
+				</a>
 				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{AppSubUrl}}/user/settings/actions/runners">
 					{{ctx.Locale.Tr "actions.runners"}}
 				</a>
diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index c4e8e880eb8..f5a37380f1a 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -5,14 +5,23 @@ package integration
 
 import (
 	"encoding/base64"
+	"fmt"
 	"net/http"
+	"net/http/httptest"
 	"net/url"
+	"strconv"
 	"testing"
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
+	org_model "code.gitea.io/gitea/models/organization"
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	unit_model "code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 
@@ -20,98 +29,388 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestActionsJobTokenAccess(t *testing.T) {
-	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-		t.Run("Write Access", testActionsJobTokenAccess(u, false))
-		t.Run("Read Access", testActionsJobTokenAccess(u, true))
-	})
-}
+func TestActionsJobTokenPermissiveAccess(t *testing.T) {
+	cases := []struct {
+		name   string
+		isFork bool
 
-func testActionsJobTokenAccess(u *url.URL, isFork bool) func(t *testing.T) {
-	return func(t *testing.T) {
-		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
-		require.NoError(t, task.GenerateToken())
-		task.Status = actions_model.StatusRunning
-		task.IsForkPullRequest = isFork
-		err := actions_model.UpdateTask(t.Context(), task, "token_hash", "token_salt", "token_last_eight", "status", "is_fork_pull_request")
-		require.NoError(t, err)
-		session := emptyTestSession(t)
-		context := APITestContext{
-			Session:  session,
-			Token:    task.Token,
-			Username: "user5",
-			Reponame: "repo4",
-		}
-		dstPath := t.TempDir()
+		ownerPermMode repo_model.ActionsTokenPermissionMode
+		ownerMaxPerms map[unit_model.Type]perm.AccessMode
 
-		u.Path = context.GitPath()
-		u.User = url.UserPassword("gitea-actions", task.Token)
+		repoPermMode repo_model.ActionsTokenPermissionMode
+		repoMaxPerms map[unit_model.Type]perm.AccessMode
 
-		t.Run("Git Clone", doGitClone(dstPath, u))
+		expectGitAccess perm.AccessMode
+	}{
+		{
+			name:            "OwnerConfig-Permissive",
+			ownerPermMode:   repo_model.ActionsTokenPermissionModePermissive,
+			expectGitAccess: perm.AccessModeWrite,
+		},
+		{
+			name:            "OwnerConfig-Permissive-CodeNone",
+			ownerPermMode:   repo_model.ActionsTokenPermissionModePermissive,
+			ownerMaxPerms:   map[unit_model.Type]perm.AccessMode{unit_model.TypeCode: perm.AccessModeNone},
+			expectGitAccess: perm.AccessModeNone,
+		},
+		{
+			name:            "OwnerConfig-Restricted",
+			ownerPermMode:   repo_model.ActionsTokenPermissionModeRestricted,
+			expectGitAccess: perm.AccessModeRead,
+		},
 
-		t.Run("API Get Repository", doAPIGetRepository(context, func(t *testing.T, r structs.Repository) {
-			require.Equal(t, "repo4", r.Name)
-			require.Equal(t, "user5", r.Owner.UserName)
-		}))
+		// repo uses its own settings, so owner settings should not affect it
+		{
+			name:            "SameRepo-Permissive",
+			ownerPermMode:   repo_model.ActionsTokenPermissionModeRestricted,
+			ownerMaxPerms:   map[unit_model.Type]perm.AccessMode{unit_model.TypeCode: perm.AccessModeNone},
+			repoPermMode:    repo_model.ActionsTokenPermissionModePermissive,
+			expectGitAccess: perm.AccessModeWrite,
+		},
+		{
+			name:            "SameRepo-Permissive-CodeNone",
+			ownerPermMode:   repo_model.ActionsTokenPermissionModePermissive,
+			ownerMaxPerms:   map[unit_model.Type]perm.AccessMode{unit_model.TypeCode: perm.AccessModeRead},
+			repoPermMode:    repo_model.ActionsTokenPermissionModePermissive,
+			repoMaxPerms:    map[unit_model.Type]perm.AccessMode{unit_model.TypeCode: perm.AccessModeNone},
+			expectGitAccess: perm.AccessModeNone,
+		},
+		{
+			name:            "SameRepo-Restricted",
+			repoPermMode:    repo_model.ActionsTokenPermissionModeRestricted,
+			expectGitAccess: perm.AccessModeRead,
+		},
 
-		context.ExpectedCode = util.Iif(isFork, http.StatusForbidden, http.StatusCreated)
-		t.Run("API Create File", doAPICreateFile(context, "test.txt", &structs.CreateFileOptions{
-			FileOptions: structs.FileOptions{
-				NewBranchName: "new-branch",
-				Message:       "Create File",
-			},
-			ContentBase64: base64.StdEncoding.EncodeToString([]byte(`This is a test file created using job token.`)),
-		}))
-
-		context.ExpectedCode = http.StatusForbidden
-		t.Run("Fail to Create Repository", doAPICreateRepository(context, true))
-
-		context.ExpectedCode = http.StatusForbidden
-		t.Run("Fail to Delete Repository", doAPIDeleteRepository(context))
-
-		t.Run("Fail to Create Organization", doAPICreateOrganization(context, &structs.CreateOrgOption{
-			UserName: "actions",
-			FullName: "Gitea Actions",
-		}))
+		// forks should be always restricted to max read access for code
+		{
+			name:            "Fork-Permissive",
+			repoPermMode:    repo_model.ActionsTokenPermissionModePermissive,
+			isFork:          true,
+			expectGitAccess: perm.AccessModeRead,
+		},
+		{
+			name:            "Fork-Restricted",
+			repoPermMode:    repo_model.ActionsTokenPermissionModeRestricted,
+			isFork:          true,
+			expectGitAccess: perm.AccessModeRead,
+		},
+		{
+			name:            "Fork-Restricted-CodeNone",
+			repoPermMode:    repo_model.ActionsTokenPermissionModeRestricted,
+			repoMaxPerms:    map[unit_model.Type]perm.AccessMode{unit_model.TypeCode: perm.AccessModeNone},
+			isFork:          true,
+			expectGitAccess: perm.AccessModeNone,
+		},
 	}
-}
 
-func TestActionsJobTokenAccessLFS(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-		httpContext := NewAPITestContext(t, "user2", "repo-lfs-test", auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
-		t.Run("Create Repository", doAPICreateRepository(httpContext, false, func(t *testing.T, repository structs.Repository) {
-			task := &actions_model.ActionTask{}
-			require.NoError(t, task.GenerateToken())
-			task.Status = actions_model.StatusRunning
-			task.IsForkPullRequest = false
-			task.RepoID = repository.ID
-			err := db.Insert(t.Context(), task)
-			require.NoError(t, err)
-			session := emptyTestSession(t)
-			httpContext := APITestContext{
-				Session:  session,
-				Token:    task.Token,
-				Username: "user2",
-				Reponame: "repo-lfs-test",
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
+
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: task.RepoID})
+		repoActionsUnit := repo.MustGetUnit(t.Context(), unit_model.TypeActions)
+		repoActionsCfg := repoActionsUnit.ActionsConfig()
+		ownerActionsCfg, err := actions_model.GetOwnerActionsConfig(t.Context(), repo.OwnerID)
+		require.NoError(t, err)
+
+		_, err = db.GetEngine(t.Context()).ID(task.RepoID).Cols("is_private").Update(&repo_model.Repository{IsPrivate: true})
+		require.NoError(t, err)
+
+		assertRespCodeForSuccess := func(t *testing.T, resp *httptest.ResponseRecorder, succeed bool) {
+			if succeed {
+				assert.True(t, 200 <= resp.Code && resp.Code < 300, "Expected success status code, got %d", resp.Code)
+			} else {
+				assert.True(t, 400 <= resp.Code && resp.Code < 500, "Expected client error status code, got %d", resp.Code)
 			}
+		}
+		for _, tt := range cases {
+			t.Run(tt.name, func(t *testing.T) {
+				// prepare owner's token permissions settings
+				ownerActionsCfg.TokenPermissionMode = tt.ownerPermMode
+				ownerActionsCfg.MaxTokenPermissions = util.Iif(tt.ownerMaxPerms == nil, nil, &repo_model.ActionsTokenPermissions{UnitAccessModes: tt.ownerMaxPerms})
+				require.NoError(t, actions_model.SetOwnerActionsConfig(t.Context(), repo.OwnerID, ownerActionsCfg))
 
-			u.Path = httpContext.GitPath()
-			dstPath := t.TempDir()
+				// prepare repo's token permissions settings
+				repoActionsCfg.OverrideOwnerConfig = tt.repoPermMode != "" || tt.repoMaxPerms != nil
+				repoActionsCfg.TokenPermissionMode = tt.repoPermMode
+				repoActionsCfg.MaxTokenPermissions = util.Iif(tt.repoMaxPerms == nil, nil, &repo_model.ActionsTokenPermissions{UnitAccessModes: tt.repoMaxPerms})
+				require.NoError(t, repo_model.UpdateRepoUnitConfig(t.Context(), repoActionsUnit))
 
-			u.Path = httpContext.GitPath()
-			u.User = url.UserPassword("gitea-actions", task.Token)
+				// prepare task and its token
+				require.NoError(t, task.GenerateToken())
+				task.Status = actions_model.StatusRunning
+				task.IsForkPullRequest = tt.isFork
+				err := actions_model.UpdateTask(t.Context(), task, "token_hash", "token_salt", "token_last_eight", "status", "is_fork_pull_request")
+				require.NoError(t, err)
 
-			t.Run("Clone", doGitClone(dstPath, u))
+				require.NoError(t, task.LoadJob(t.Context()))
+				require.NoError(t, task.Job.LoadRun(t.Context()))
+				task.Job.Run.IsForkPullRequest = tt.isFork
+				require.NoError(t, actions_model.UpdateRun(t.Context(), task.Job.Run, "is_fork_pull_request"))
 
-			dstPath2 := t.TempDir()
+				testURL := *u
+				testURL.User = url.UserPassword("gitea-actions", task.Token)
 
-			t.Run("Partial Clone", doPartialGitClone(dstPath2, u))
+				t.Run("ReadGitContent", func(t *testing.T) {
+					testURL.Path = "/user5/repo4.git/HEAD"
+					resp := MakeRequest(t, NewRequest(t, "GET", testURL.String()), NoExpectedStatus)
+					assertRespCodeForSuccess(t, resp, tt.expectGitAccess != perm.AccessModeNone)
 
-			lfs := lfsCommitAndPushTest(t, dstPath, testFileSizeSmall)[0]
+					testURL.Path = "/user5/repo4.git/info/lfs/locks"
+					req := NewRequest(t, "GET", testURL.String()).SetHeader("Accept", lfs.MediaType)
+					resp = MakeRequest(t, req, NoExpectedStatus)
+					assertRespCodeForSuccess(t, resp, tt.expectGitAccess != perm.AccessModeNone)
+				})
 
-			reqLFS := NewRequest(t, "GET", "/api/v1/repos/user2/repo-lfs-test/media/"+lfs).AddTokenAuth(task.Token)
-			respLFS := MakeRequestNilResponseRecorder(t, reqLFS, http.StatusOK)
-			assert.Equal(t, testFileSizeSmall, respLFS.Length)
-		}))
+				t.Run("WriteGitContent", func(t *testing.T) {
+					req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/contents/test-filename", repo.FullName()), &structs.CreateFileOptions{
+						FileOptions:   structs.FileOptions{NewBranchName: "new-branch" + t.Name()},
+						ContentBase64: base64.StdEncoding.EncodeToString([]byte(`dummy content`)),
+					}).AddTokenAuth(task.Token)
+					resp := MakeRequest(t, req, NoExpectedStatus)
+					assertRespCodeForSuccess(t, resp, tt.expectGitAccess == perm.AccessModeWrite)
+
+					testURL.Path = "/user5/repo4.git/info/lfs/objects/batch"
+					req = NewRequestWithJSON(t, "POST", testURL.String(), lfs.BatchRequest{Operation: "upload"}).SetHeader("Accept", lfs.MediaType)
+					resp = MakeRequest(t, req, NoExpectedStatus)
+					assertRespCodeForSuccess(t, resp, tt.expectGitAccess == perm.AccessModeWrite)
+				})
+
+				t.Run("NoOtherPermissions", func(t *testing.T) {
+					req := NewRequest(t, "DELETE", "/api/v1/repos/"+repo.FullName()).AddTokenAuth(task.Token)
+					resp := MakeRequest(t, req, NoExpectedStatus)
+					assertRespCodeForSuccess(t, resp, false)
+				})
+			})
+		}
+	})
+}
+
+func TestActionsCrossRepoAccess(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user2")
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteOrganization)
+
+		// 1. Create Organization
+		orgName := "org-cross-test"
+		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &structs.CreateOrgOption{
+			UserName: orgName,
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		owner, err := org_model.GetOrgByName(t.Context(), orgName)
+		require.NoError(t, err)
+
+		// 2. Create Two Repositories in owner
+		createRepoInOrg := func(name string) int64 {
+			req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/repos", orgName), &structs.CreateRepoOption{
+				Name:     name,
+				AutoInit: true,
+			}).AddTokenAuth(token)
+			resp := MakeRequest(t, req, http.StatusCreated)
+			var repo structs.Repository
+			DecodeJSON(t, resp, &repo)
+			return repo.ID
+		}
+
+		repoAID := createRepoInOrg("repo-A")
+		repoBID := createRepoInOrg("repo-B")
+
+		// 3. Enable Actions in Repo A (Source) and Repo B (Target)
+		enableActions := func(repoID int64) {
+			err := db.Insert(t.Context(), &repo_model.RepoUnit{
+				RepoID: repoID,
+				Type:   unit_model.TypeActions,
+				Config: &repo_model.ActionsConfig{
+					TokenPermissionMode: repo_model.ActionsTokenPermissionModePermissive,
+				},
+			})
+			require.NoError(t, err)
+		}
+
+		enableActions(repoAID)
+		enableActions(repoBID)
+
+		// 4. Create Task in Repo A, and use A's token to access B
+		taskA := createActionTask(t, repoAID, false)
+		testCtxA := APITestContext{
+			Session:  emptyTestSession(t),
+			Token:    taskA.Token,
+			Username: orgName,
+			Reponame: "repo-B",
+		}
+
+		testCtxA.ExpectedCode = http.StatusOK
+		t.Run("PublicCrossRepoAccess", doAPIGetRepository(testCtxA, func(t *testing.T, r structs.Repository) {
+			assert.Equal(t, "repo-B", r.Name)
+		}))
+
+		// make repo-B be private
+		req = NewRequestWithJSON(t, "PATCH", "/api/v1/repos/org-cross-test/repo-B", &structs.EditRepoOption{Private: new(true)}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusOK)
+
+		testCtxA.ExpectedCode = http.StatusNotFound
+		t.Run("NoPrivateCrossRepoAccess", doAPIGetRepository(testCtxA, nil))
+
+		ownerActionsCfg := actions_model.OwnerActionsConfig{AllowedCrossRepoIDs: []int64{repoBID}}
+		require.NoError(t, actions_model.SetOwnerActionsConfig(t.Context(), owner.ID, ownerActionsCfg))
+
+		testCtxA.ExpectedCode = http.StatusOK
+		t.Run("AccessToSelectedPrivateRepo", doAPIGetRepository(testCtxA, func(t *testing.T, r structs.Repository) {
+			assert.Equal(t, "repo-B", r.Name)
+		}))
+
+		t.Run("RepoTransfer", func(t *testing.T) {
+			ownerActionsCfg, err := actions_model.GetOwnerActionsConfig(t.Context(), owner.ID)
+			require.NoError(t, err)
+			assert.Contains(t, ownerActionsCfg.AllowedCrossRepoIDs, repoBID)
+
+			// Transfer Repository to user4
+			req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/repo-B/transfer", orgName), &structs.TransferRepoOption{
+				NewOwner: "user4",
+			}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+
+			// Accept transfer as user4
+			session4 := loginUser(t, "user4")
+			token4 := getTokenForLoggedInUser(t, session4, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
+			req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/repo-B/transfer/accept", orgName)).AddTokenAuth(token4)
+			MakeRequest(t, req, http.StatusAccepted)
+
+			// Verify it is removed from the org's config
+			ownerActionsCfg, err = actions_model.GetOwnerActionsConfig(t.Context(), owner.ID)
+			require.NoError(t, err)
+			assert.NotContains(t, ownerActionsCfg.AllowedCrossRepoIDs, repoBID)
+		})
+	})
+}
+
+func createActionTask(t *testing.T, repoID int64, isFork bool) *actions_model.ActionTask {
+	job := &actions_model.ActionRunJob{
+		RepoID:            repoID,
+		Status:            actions_model.StatusRunning,
+		IsForkPullRequest: isFork,
+		JobID:             "test_job",
+		Name:              "test_job",
+	}
+	require.NoError(t, db.Insert(t.Context(), job))
+	task := &actions_model.ActionTask{
+		JobID:             job.ID,
+		RepoID:            repoID,
+		Status:            actions_model.StatusRunning,
+		IsForkPullRequest: isFork,
+	}
+	require.NoError(t, task.GenerateToken())
+	require.NoError(t, db.Insert(t.Context(), task))
+	return task
+}
+
+func TestActionsTokenPermissionsPersistenceWithWorkflow(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		session := loginUser(t, user2.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		// create repos
+		repo1 := createActionsTestRepo(t, token, "actions-permission-repo1", false)
+		repo2 := createActionsTestRepo(t, token, "actions-permission-repo2", true)
+
+		// add repo2 to owner-level cross-repo access list
+		req := NewRequestWithValues(t, "POST", "/user/settings/actions/general", map[string]string{
+			"cross_repo_add_target":      "true",
+			"cross_repo_add_target_name": repo2.Name,
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// create the runner for repo1
+		runner1 := newMockRunner()
+		runner1.registerAsRepoRunner(t, user2.Name, repo1.Name, "mock-runner", []string{"ubuntu-latest"}, false)
+
+		// set repo1 actions token permission mode to "permissive"
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", user2.Name, repo1.Name), map[string]string{
+			"token_permission_mode": "permissive",
+			"override_owner_config": "true",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// set repo2 actions token permission mode to "restricted", and set max permissions
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", user2.Name, repo2.Name), map[string]string{
+			"token_permission_mode":  "restricted",
+			"override_owner_config":  "true",
+			"enable_max_permissions": "true",
+			"max_unit_access_mode_" + strconv.Itoa(int(unit_model.TypeReleases)): "read",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// create a workflow file with "permission" keyword for repo1
+		wfTreePath := ".gitea/workflows/test_permissions.yml"
+		wfFileContent := `name: Test Permissions
+on:
+  push:
+    paths:
+      - '.gitea/workflows/test_permissions.yml'
+
+jobs:
+  job-override:
+    runs-on: ubuntu-latest
+    permissions:
+      code: write
+    steps:
+      - run: echo "test perms"
+`
+		opts := getWorkflowCreateFileOptions(user2, repo1.DefaultBranch, "create "+wfTreePath, wfFileContent)
+		createWorkflowFile(t, token, user2.Name, repo1.Name, wfTreePath, opts)
+
+		task1 := runner1.fetchTask(t)
+		task1Token := task1.Secrets["GITEA_TOKEN"]
+		require.NotEmpty(t, task1Token)
+
+		// should fail: target repo does not allow code access
+		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s", user2.Name, repo2.Name)).AddTokenAuth(task1Token)
+		MakeRequest(t, req, http.StatusNotFound)
+
+		// set repo2 max permission to "read" so that the actions token can access code
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", user2.Name, repo2.Name), map[string]string{
+			"token_permission_mode":  "restricted",
+			"override_owner_config":  "true",
+			"enable_max_permissions": "true",
+			"max_unit_access_mode_" + strconv.Itoa(int(unit_model.TypeCode)):     "read",
+			"max_unit_access_mode_" + strconv.Itoa(int(unit_model.TypeReleases)): "read",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// should succeed: target repo now allows code read access for this token
+		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s", user2.Name, repo2.Name)).AddTokenAuth(task1Token)
+		MakeRequest(t, req, http.StatusOK)
+		// but it should not have write access
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/%s/%s.git/info/lfs/objects/batch", user2.Name, repo2.Name), lfs.BatchRequest{Operation: "upload"}).
+			SetHeader("Accept", lfs.MediaType).
+			AddBasicAuth("gitea-actions", task1Token)
+		MakeRequest(t, req, http.StatusUnauthorized)
+
+		// set repo1&repo2 max permission to "write" so that the actions token can access code
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", user2.Name, repo1.Name), map[string]string{
+			"token_permission_mode":  "restricted",
+			"override_owner_config":  "true",
+			"enable_max_permissions": "true",
+			"max_unit_access_mode_" + strconv.Itoa(int(unit_model.TypeCode)): "write",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", user2.Name, repo2.Name), map[string]string{
+			"token_permission_mode":  "restricted",
+			"override_owner_config":  "true",
+			"enable_max_permissions": "true",
+			"max_unit_access_mode_" + strconv.Itoa(int(unit_model.TypeCode)): "write",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// now task1 has write access to repo1, but still only read access to repo2 (different repo)
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/%s/%s.git/info/lfs/objects/batch", user2.Name, repo1.Name), lfs.BatchRequest{Operation: "upload"}).
+			SetHeader("Accept", lfs.MediaType).
+			AddBasicAuth("gitea-actions", task1Token)
+		MakeRequest(t, req, http.StatusOK)
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/%s/%s.git/info/lfs/objects/batch", user2.Name, repo2.Name), lfs.BatchRequest{Operation: "upload"}).
+			SetHeader("Accept", lfs.MediaType).
+			AddBasicAuth("gitea-actions", task1Token)
+		MakeRequest(t, req, http.StatusUnauthorized)
 	})
 }
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 9ac2fb6e135..0e9e372ab1d 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -95,13 +95,13 @@ func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, run
 
 func (r *mockRunner) fetchTask(t *testing.T, timeout ...time.Duration) *runnerv1.Task {
 	task := r.tryFetchTask(t, timeout...)
-	assert.NotNil(t, task, "failed to fetch a task")
+	require.NotNil(t, task, "failed to fetch a task")
 	return task
 }
 
 func (r *mockRunner) fetchNoTask(t *testing.T, timeout ...time.Duration) {
 	task := r.tryFetchTask(t, timeout...)
-	assert.Nil(t, task, "a task is fetched")
+	require.Nil(t, task, "a task is fetched")
 }
 
 const defaultFetchTaskTimeout = 1 * time.Second
diff --git a/tests/integration/api_issue_dependency_test.go b/tests/integration/api_issue_dependency_test.go
index 8356d6058db..fc2615be42f 100644
--- a/tests/integration/api_issue_dependency_test.go
+++ b/tests/integration/api_issue_dependency_test.go
@@ -29,7 +29,7 @@ func enableRepoDependencies(t *testing.T, repoID int64) {
 
 	repoUnit := unittest.AssertExistsAndLoadBean(t, &repo_model.RepoUnit{RepoID: repoID, Type: unit.TypeIssues})
 	repoUnit.IssuesConfig().EnableDependencies = true
-	assert.NoError(t, repo_model.UpdateRepoUnit(t.Context(), repoUnit))
+	assert.NoError(t, repo_model.UpdateRepoUnitConfig(t.Context(), repoUnit))
 }
 
 func TestAPICreateIssueDependencyCrossRepoPermission(t *testing.T) {
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 8c2942a0123..a4807814dfb 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"bytes"
 	"context"
+	"encoding/base64"
 	"fmt"
 	"hash"
 	"hash/fnv"
@@ -326,9 +327,10 @@ func NewRequestWithBody(t testing.TB, method, urlStr string, body io.Reader) *Re
 		urlStr = "/" + urlStr
 	}
 	req, err := http.NewRequest(method, urlStr, body)
-	assert.NoError(t, err)
-	req.RequestURI = urlStr
-
+	require.NoError(t, err)
+	if req.URL.User != nil {
+		req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(req.URL.User.String())))
+	}
 	return &RequestWrapper{req}
 }
 
diff --git a/tests/integration/pull_update_test.go b/tests/integration/pull_update_test.go
index a873d505613..73262af9689 100644
--- a/tests/integration/pull_update_test.go
+++ b/tests/integration/pull_update_test.go
@@ -66,7 +66,7 @@ func enableRepoAllowUpdateWithRebase(t *testing.T, repoID int64, allow bool) {
 
 	repoUnit := unittest.AssertExistsAndLoadBean(t, &repo_model.RepoUnit{RepoID: repoID, Type: unit.TypePullRequests})
 	repoUnit.PullRequestsConfig().AllowRebaseUpdate = allow
-	assert.NoError(t, repo_model.UpdateRepoUnit(t.Context(), repoUnit))
+	assert.NoError(t, repo_model.UpdateRepoUnitConfig(t.Context(), repoUnit))
 }
 
 func TestAPIPullUpdateByRebase(t *testing.T) {
diff --git a/web_src/css/base.css b/web_src/css/base.css
index d449fcef1e0..0d6c4a2f75c 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -261,6 +261,12 @@ relative-time::part(root)::selection {
   user-select: none;
 }
 
+.container-disabled {
+  opacity: var(--opacity-disabled);
+  pointer-events: none;
+  user-select: none;
+}
+
 a {
   color: var(--color-primary);
   cursor: pointer;
diff --git a/web_src/css/modules/list.css b/web_src/css/modules/list.css
index 46422cb97d1..9bdaa080eaf 100644
--- a/web_src/css/modules/list.css
+++ b/web_src/css/modules/list.css
@@ -25,15 +25,6 @@
   list-style-position: outside;
 }
 
-.ui.list > .list > .item::after,
-.ui.list > .item::after {
-  content: "";
-  display: block;
-  height: 0;
-  clear: both;
-  visibility: hidden;
-}
-
 .ui.list .list:not(.icon) {
   clear: both;
   margin: 0;
diff --git a/web_src/js/features/common-actions-permissions.ts b/web_src/js/features/common-actions-permissions.ts
new file mode 100644
index 00000000000..8fdeafdafa0
--- /dev/null
+++ b/web_src/js/features/common-actions-permissions.ts
@@ -0,0 +1,34 @@
+import {registerGlobalInitFunc} from '../modules/observer.ts';
+import {toggleElem, toggleElemClass} from '../utils/dom.ts';
+
+export function initActionsPermissionsForm(): void {
+  registerGlobalInitFunc('initRepoActionsPermissionsForm', initRepoActionsPermissionsForm);
+  registerGlobalInitFunc('initOwnerActionsPermissionsForm', initOwnerActionsPermissionsForm);
+}
+
+function initRepoActionsPermissionsForm(form: HTMLFormElement) {
+  initActionsOverrideOwnerConfig(form);
+  initActionsPermissionTable(form);
+}
+
+function initOwnerActionsPermissionsForm(form: HTMLFormElement) {
+  initActionsPermissionTable(form);
+}
+
+function initActionsPermissionTable(form: HTMLFormElement) {
+  // show or hide permissions table based on enable max permissions checkbox (aka: whether you use custom permissions or not)
+  const permTable = form.querySelector<HTMLTableElement>('.js-permissions-table')!;
+  const enableMaxCheckbox = form.querySelector<HTMLInputElement>('input[name=enable_max_permissions]')!;
+  const onEnableMaxCheckboxChange = () => toggleElem(permTable, enableMaxCheckbox.checked);
+  onEnableMaxCheckboxChange();
+  enableMaxCheckbox.addEventListener('change', onEnableMaxCheckboxChange);
+}
+
+function initActionsOverrideOwnerConfig(form: HTMLFormElement) {
+  // enable or disable repo token permissions config section based on override owner config checkbox
+  const overrideOwnerConfig = form.querySelector<HTMLInputElement>('input[name=override_owner_config]')!;
+  const repoTokenPermConfigSection = form.querySelector('.js-repo-token-permissions-config')!;
+  const onOverrideOwnerConfigChange = () => toggleElemClass(repoTokenPermConfigSection, 'container-disabled', !overrideOwnerConfig.checked);
+  onOverrideOwnerConfigChange();
+  overrideOwnerConfig.addEventListener('change', onOverrideOwnerConfigChange);
+}
diff --git a/web_src/js/features/comp/SearchRepoBox.ts b/web_src/js/features/comp/SearchRepoBox.ts
index ea95ae80aba..c87240b67a5 100644
--- a/web_src/js/features/comp/SearchRepoBox.ts
+++ b/web_src/js/features/comp/SearchRepoBox.ts
@@ -5,10 +5,15 @@ const {appSubUrl} = window.config;
 
 export function initCompSearchRepoBox(el: HTMLElement) {
   const uid = el.getAttribute('data-uid');
+  const exclusive = el.getAttribute('data-exclusive');
+  let url = `${appSubUrl}/repo/search?q={query}&uid=${uid}`;
+  if (exclusive === 'true') {
+    url += `&exclusive=true`;
+  }
   fomanticQuery(el).search({
     minCharacters: 2,
     apiSettings: {
-      url: `${appSubUrl}/repo/search?q={query}&uid=${uid}`,
+      url,
       onResponse(response: any) {
         const items = [];
         for (const item of response.data) {
diff --git a/web_src/js/index-domready.ts b/web_src/js/index-domready.ts
index fb445b8df42..19a61b0e40f 100644
--- a/web_src/js/index-domready.ts
+++ b/web_src/js/index-domready.ts
@@ -63,6 +63,7 @@ import {initGlobalButtonClickOnEnter, initGlobalButtons, initGlobalDeleteButton}
 import {initGlobalComboMarkdownEditor, initGlobalEnterQuickSubmit, initGlobalFormDirtyLeaveConfirm} from './features/common-form.ts';
 import {callInitFunctions} from './modules/init.ts';
 import {initRepoViewFileTree} from './features/repo-view-file-tree.ts';
+import {initActionsPermissionsForm} from './features/common-actions-permissions.ts';
 import {initGlobalShortcut} from './modules/shortcut.ts';
 
 const initStartTime = performance.now();
@@ -159,6 +160,7 @@ const initPerformanceTracer = callInitFunctions([
   initOAuth2SettingsDisableCheckbox,
 
   initRepoFileView,
+  initActionsPermissionsForm,
 ]);
 
 // it must be the last one, then the "querySelectorAll" only needs to be executed once for global init functions.