Currently, GitHub organization owners are the only ones (at least by default) that can set up a new project for a repository. However, once the project is created, anyone with write access on the repository can edit the project settings. From our perspective, it would be beneficial to have an option to disable this behavior and leave that level of access solely for the organization owners.
For example, advanced settings such as "Pass secrets to builds from forked pull requests" could be potentially harmful if environment variables are at the project level rather than contained within a context (since organization owners are the only ones that can configure Contexts).
CCI-I-978