One thing I noticed: Using the GitHub UI, I added a collaborator to a repository. I saw that they committed changes without any authority / approval from me. It was a privat
Private repositories in an ordinary user account are an all-or-nothing deal: either someone has full read/write access (i.e., they're a collaborator) or they have no access. However, if you set up an organization, create the repo under the aegis of the organization, and then add the collaborator, you have much more fine-grained control (including giving read-only access to a private repo).
With private repositories, how do I give someone read access versus write access?
This kind of permission is not available for simple accounts. When you add a user as a collaborator, they gain read/write permissions.
The story changes if you own an Organization. Organizations contain teams, and each team can have a different level of access, including read-only. You can assign users to a specific read-only group, and they will only have pull access to the repositories.
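Both answers come down to two GitHub REST endpoints: one that reports the permission a user actually has on a repository, and one that grants a team a specific level (such as `pull`) on an organization-owned repository. The script below is an added example, not code from the original thread or from GitHub; it wraps those endpoints and adds the check a practitioner wants after adding someone (verify they did not silently get write access). It assumes a token in the `GITHUB_TOKEN` environment variable when talking to the real API. The `FakeGitHub` class is a constructed, offline stand-in that models only the rule the thread describes (personal-account collaborators are always read/write, organization teams can be read-only) so the logic can be exercised without network access.

```python
"""Check and set GitHub repository access with the REST API (added example).

Documented endpoints used:
  GET /repos/{owner}/{repo}/collaborators/{username}/permission
      -> {"permission": "admin" | "write" | "read" | "none", ...}
  PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
      body {"permission": "pull" | "push" | "admin" | ...}, 204 on success
The transport is injectable so the same functions run offline against FakeGitHub.
"""
import json
import os
import urllib.error
import urllib.request

API = "https://api.github.com"


def github_transport(method, path, body=None):
    """Real transport: (method, path, body) -> (status, parsed JSON or None).
    Assumption: a token is supplied via the GITHUB_TOKEN environment variable."""
    token = os.environ.get("GITHUB_TOKEN")
    if not token:
        raise RuntimeError("GITHUB_TOKEN is not set")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/vnd.github+json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as e:
        raw = e.read()
        return e.code, (json.loads(raw) if raw else None)


def collaborator_permission(owner, repo, username, transport=github_transport):
    """Return the effective permission GitHub reports: admin, write, read or none."""
    path = f"/repos/{owner}/{repo}/collaborators/{username}/permission"
    status, body = transport("GET", path, None)
    if status != 200:
        raise RuntimeError(f"permission lookup failed: HTTP {status}")
    return body["permission"]


def grant_team_read_only(org, team_slug, repo, transport=github_transport):
    """Give a team pull (read-only) access to a repo owned by the organization.
    The permission field only takes effect on organization-owned repos, which is
    the distinction the thread is about."""
    path = f"/orgs/{org}/teams/{team_slug}/repos/{org}/{repo}"
    status, _ = transport("PUT", path, {"permission": "pull"})
    return status == 204


def is_read_only(owner, repo, username, transport=github_transport):
    """The check to run after adding someone: True only if they ended up with read."""
    return collaborator_permission(owner, repo, username, transport) == "read"


class FakeGitHub:
    """Constructed offline stand-in for api.github.com (assumption: models only the
    two endpoints above and the access rule described in the thread)."""

    def __init__(self, org_owned):
        self.org_owned = set(org_owned)  # owner names that are organizations
        self.access = {}                 # (owner, repo, user) -> read | write | admin
        self.team_members = {}           # (org, team_slug) -> set of users

    def add_collaborator(self, owner, repo, user):
        # Personal-account repos: a collaborator always gets read/write.
        self.access[(owner, repo, user)] = "write"

    def __call__(self, method, path, body):
        parts = path.strip("/").split("/")
        if method == "GET" and parts[0] == "repos" and parts[-1] == "permission":
            owner, repo, user = parts[1], parts[2], parts[4]
            return 200, {"permission": self.access.get((owner, repo, user), "none")}
        if method == "PUT" and parts[0] == "orgs" and parts[2] == "teams":
            org, team, owner, repo = parts[1], parts[3], parts[5], parts[6]
            if org not in self.org_owned:
                return 404, {"message": "Not Found"}
            level = {"pull": "read", "push": "write", "admin": "admin"}[body["permission"]]
            for user in self.team_members.get((org, team), ()):
                self.access[(owner, repo, user)] = level
            return 204, None
        return 404, {"message": "Not Found"}


if __name__ == "__main__":
    gh = FakeGitHub(org_owned={"acme"})          # constructed sample data
    gh.add_collaborator("alice", "notes", "bob")  # personal repo: bob can push
    print("alice/notes bob:", collaborator_permission("alice", "notes", "bob", gh))
    gh.team_members[("acme", "readers")] = {"bob"}
    grant_team_read_only("acme", "readers", "notes", gh)
    print("acme/notes bob:", collaborator_permission("acme", "notes", "bob", gh))
```

Against the real API, call the functions without the `transport` argument after exporting `GITHUB_TOKEN`; the token needs repository administration rights for the `PUT`, and the `GET` is the one to script into an audit of who can push to a private repository.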