--- title: "GitHub App Permissions" description: "What repository permissions the Nirmata GitHub App requests and what it can and cannot do." diataxis: reference applies_to: product: "nirmata-control-hub" audience: ["platform-engineer","admin"] last_updated: 2026-04-16 url: https://docs.nirmata.io/docs/control-hub/settings/integrations/githubapp/permissions/ --- > **Applies to:** Nirmata Control Hub 4.0 and later ## Repository Permissions | Permission | Access Level | Purpose | |-----------|--------------|---------| | **Metadata** | Read | Required by GitHub (mandatory for all apps) | | **Contents** | Read & Write | Create and modify files, branches, and commits | | **Pull Requests** | Read & Write | Create, update, and merge pull requests | | **Issues** | Read & Write | Create and manage issues for tracking | ## What Nirmata Can Do With these permissions, Nirmata can: - Read repository contents and metadata - Create branches for policy fixes - Commit changes to branches - Open pull requests with automated fixes - Add comments to pull requests - Create issues for violations or notifications - Read and respond to PR comments ## What Nirmata Cannot Do The app **cannot**: - Delete repositories - Modify repository settings - Change collaborator permissions - Force push or delete branches (unless branch protection allows) - Merge PRs without proper approvals (if branch protection is enabled) - Access repositories not explicitly granted during installation ## Frequently Asked Questions ### Do I need to create my own GitHub App? No. Nirmata provides a ready-to-use GitHub App that you can install directly from the Nirmata Control Hub interface. Simply click "Connect" and authorize the app. ### Can I use the GitHub App with multiple organizations? Yes. You can install the Nirmata GitHub App on multiple GitHub organizations. Simply repeat the connection process for each organization you want to integrate. ### What happens if I disconnect the GitHub App? Disconnecting will: - Stop all automated operations (PRs, commits, etc.) - Prevent AI agents from creating pull requests - Disable GitOps sync operations - Close the integration in Nirmata Control Hub Your existing pull requests and issues will remain in GitHub. ### Can I limit which repositories Nirmata accesses? Yes. During installation, you can choose "Only select repositories" and pick specific repositories. You can modify this selection anytime from GitHub's app settings.