From d7ae32623be5be27791edbd8b0a08c0d27a6b662 Mon Sep 17 00:00:00 2001
From: Siara <108543037+SiaraMist@users.noreply.github.com>
Date: Wed, 10 Apr 2024 15:14:54 -0700
Subject: [PATCH] [Improvement]: Improve docs for repository access to private
 packages (#49727)

---
 .../configuring-a-packages-access-control-and-visibility.md     | 1 +
 .../publishing-and-installing-a-package-with-github-actions.md  | 2 +-
 .../reusables/package_registry/public-forks-private-packages.md | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 data/reusables/package_registry/public-forks-private-packages.md

diff --git a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md
index d8c3f32b27..5972ac8986 100644
--- a/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md
+++ b/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md
@@ -142,6 +142,7 @@ If you publish a package that is linked to a repository, {% data variables.produ
 **Notes:**
 - Syncing your package with a repository {% data variables.package_registry.package-settings-actions-access-menu %} is different than connecting your package to a repository. For more information about linking a repository to your package, see "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
 - You can choose to limit permissions to workflow jobs usings the `permissions` key and `packages` scope. For more information, see "[AUTOTITLE](/actions/using-jobs/assigning-permissions-to-jobs)."
+- {% data reusables.package_registry.public-forks-private-packages %}
 
 {% endnote %}
 
diff --git a/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md b/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md
index 7568d193d9..1e4c54a963 100644
--- a/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md
+++ b/content/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions.md
@@ -72,7 +72,7 @@ These are more examples of how default permissions work for workflows that manag
 
 | {% data variables.product.prodname_actions %} workflow task | Default permissions and access |
 |----|----|
-| Download an existing  | - If the package is public, any workflow running in any repository can download the package. <br> - If the package is internal, then all workflows running in any repository owned by the Enterprise account can download the package. For enterprise-owned organizations, you can read any repository in the enterprise <br> - If the package is private, only workflows running in repositories that are given read permission on that package can download the package. <br>
+| Download an existing  | - If the package is public, any workflow running in any repository can download the package. <br> - If the package is internal, then all workflows running in any repository owned by the Enterprise account can download the package. For enterprise-owned organizations, you can read any repository in the enterprise <br> - If the package is private, only workflows running in repositories that are given read permission on that package can download the package. {% data reusables.package_registry.public-forks-private-packages %} <br>
 | Upload a new version to an existing package | - If the package is private, internal, or public, only workflows running in repositories that are given write permission on that package can upload new versions to the package.
 | Delete a package or versions of a package | - If the package is private, internal, or public, only workflows running in repositories that are given admin permission can delete existing versions of the package.
 
diff --git a/data/reusables/package_registry/public-forks-private-packages.md b/data/reusables/package_registry/public-forks-private-packages.md
new file mode 100644
index 0000000000..e1e152d1d5
--- /dev/null
+++ b/data/reusables/package_registry/public-forks-private-packages.md
@@ -0,0 +1 @@
+If you grant a public repository access to private packages, forks of the repository may be able to access the private packages.