diff --git a/github/actions_permissions_enterprise.go b/github/actions_permissions_enterprise.go
index 1334690f474..fc4b67110a1 100644
--- a/github/actions_permissions_enterprise.go
+++ b/github/actions_permissions_enterprise.go
@@ -338,3 +338,40 @@ func (s *ActionsService) EditSelfHostedRunnerPermissionsInEnterprise(ctx context
 
 	return s.client.Do(ctx, req, nil)
 }
+
+// GetPrivateRepoForkPRWorkflowSettingsInEnterprise gets the settings for whether workflows from fork pull requests can run on private repositories in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#get-private-repo-fork-pr-workflow-settings-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/actions/permissions/fork-pr-workflows-private-repos
+func (s *ActionsService) GetPrivateRepoForkPRWorkflowSettingsInEnterprise(ctx context.Context, enterprise string) (*WorkflowsPermissions, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/actions/permissions/fork-pr-workflows-private-repos", enterprise)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	permissions := new(WorkflowsPermissions)
+	resp, err := s.client.Do(ctx, req, permissions)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return permissions, resp, nil
+}
+
+// UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise sets the settings for whether workflows from fork pull requests can run on private repositories in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/actions/permissions#set-private-repo-fork-pr-workflow-settings-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/actions/permissions/fork-pr-workflows-private-repos
+func (s *ActionsService) UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise(ctx context.Context, enterprise string, permissions *WorkflowsPermissionsOpt) (*Response, error) {
+	u := fmt.Sprintf("enterprises/%v/actions/permissions/fork-pr-workflows-private-repos", enterprise)
+	req, err := s.client.NewRequest("PUT", u, permissions)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/github/actions_permissions_enterprise_test.go b/github/actions_permissions_enterprise_test.go
index 0a5cb22684f..30c8cdfa97b 100644
--- a/github/actions_permissions_enterprise_test.go
+++ b/github/actions_permissions_enterprise_test.go
@@ -523,3 +523,84 @@ func TestActionsService_EditSelfHostedRunnerPermissionsInEnterprise(t *testing.T
 		return client.Actions.EditSelfHostedRunnerPermissionsInEnterprise(ctx, "e", *input)
 	})
 }
+
+func TestActionsService_GetPrivateRepoForkPRWorkflowSettingsInEnterprise(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	mux.HandleFunc("/enterprises/e/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+		fmt.Fprint(w, `{"run_workflows_from_fork_pull_requests": true, "send_write_tokens_to_workflows": false, "send_secrets_and_variables": true, "require_approval_for_fork_pr_workflows": false}`)
+	})
+
+	ctx := context.Background()
+	permissions, _, err := client.Actions.GetPrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "e")
+	if err != nil {
+		t.Errorf("Actions.GetPrivateRepoForkPRWorkflowSettingsInEnterprise returned error: %v", err)
+	}
+	want := &WorkflowsPermissions{
+		RunWorkflowsFromForkPullRequests:  Ptr(true),
+		SendWriteTokensToWorkflows:        Ptr(false),
+		SendSecretsAndVariables:           Ptr(true),
+		RequireApprovalForForkPRWorkflows: Ptr(false),
+	}
+	if !cmp.Equal(permissions, want) {
+		t.Errorf("Actions.GetPrivateRepoForkPRWorkflowSettingsInEnterprise returned %+v, want %+v", permissions, want)
+	}
+
+	const methodName = "GetPrivateRepoForkPRWorkflowSettingsInEnterprise"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Actions.GetPrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "\n")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Actions.GetPrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "e")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestActionsService_UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	input := &WorkflowsPermissionsOpt{
+		RunWorkflowsFromForkPullRequests: true,
+		SendWriteTokensToWorkflows:       Ptr(false),
+		SendSecretsAndVariables:          Ptr(true),
+	}
+
+	mux.HandleFunc("/enterprises/e/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		v := new(WorkflowsPermissionsOpt)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
+
+		testMethod(t, r, "PUT")
+		if !cmp.Equal(v, input) {
+			t.Errorf("Request body = %+v, want %+v", v, input)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	})
+
+	ctx := context.Background()
+	resp, err := client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "e", input)
+	if err != nil {
+		t.Errorf("Actions.UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise returned error: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("Actions.UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise = %d, want %d", resp.StatusCode, http.StatusNoContent)
+	}
+
+	const methodName = "UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise"
+	testBadOptions(t, methodName, func() (err error) {
+		_, err = client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		return client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInEnterprise(ctx, "e", input)
+	})
+}
diff --git a/github/actions_permissions_orgs.go b/github/actions_permissions_orgs.go
index f8bd51a08aa..fdd3181c580 100644
--- a/github/actions_permissions_orgs.go
+++ b/github/actions_permissions_orgs.go
@@ -446,3 +446,40 @@ func (s *ActionsService) RemoveRepositorySelfHostedRunnersAllowedInOrganization(
 
 	return resp, nil
 }
+
+// GetPrivateRepoForkPRWorkflowSettingsInOrganization gets the settings for whether workflows from fork pull requests can run on private repositories in an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-private-repo-fork-pr-workflow-settings-for-an-organization
+//
+//meta:operation GET /orgs/{org}/actions/permissions/fork-pr-workflows-private-repos
+func (s *ActionsService) GetPrivateRepoForkPRWorkflowSettingsInOrganization(ctx context.Context, org string) (*WorkflowsPermissions, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/actions/permissions/fork-pr-workflows-private-repos", org)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	permissions := new(WorkflowsPermissions)
+	resp, err := s.client.Do(ctx, req, permissions)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return permissions, resp, nil
+}
+
+// UpdatePrivateRepoForkPRWorkflowSettingsInOrganization sets the settings for whether workflows from fork pull requests can run on private repositories in an organization.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-private-repo-fork-pr-workflow-settings-for-an-organization
+//
+//meta:operation PUT /orgs/{org}/actions/permissions/fork-pr-workflows-private-repos
+func (s *ActionsService) UpdatePrivateRepoForkPRWorkflowSettingsInOrganization(ctx context.Context, org string, permissions *WorkflowsPermissionsOpt) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/actions/permissions/fork-pr-workflows-private-repos", org)
+	req, err := s.client.NewRequest("PUT", u, permissions)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/github/actions_permissions_orgs_test.go b/github/actions_permissions_orgs_test.go
index dbe7eb3a8d7..6b044c688e8 100644
--- a/github/actions_permissions_orgs_test.go
+++ b/github/actions_permissions_orgs_test.go
@@ -693,3 +693,84 @@ func TestActionsService_RemoveRepositorySelfHostedRunnersAllowedInOrganization(t
 		return client.Actions.RemoveRepositorySelfHostedRunnersAllowedInOrganization(ctx, "o", 123)
 	})
 }
+
+func TestActionsService_GetPrivateRepoForkPRWorkflowSettingsInOrganization(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	mux.HandleFunc("/orgs/o/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+		fmt.Fprint(w, `{"run_workflows_from_fork_pull_requests": true, "send_write_tokens_to_workflows": false, "send_secrets_and_variables": true, "require_approval_for_fork_pr_workflows": false}`)
+	})
+
+	ctx := context.Background()
+	permissions, _, err := client.Actions.GetPrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "o")
+	if err != nil {
+		t.Errorf("Actions.GetPrivateRepoForkPRWorkflowSettingsInOrganization returned error: %v", err)
+	}
+	want := &WorkflowsPermissions{
+		RunWorkflowsFromForkPullRequests:  Ptr(true),
+		SendWriteTokensToWorkflows:        Ptr(false),
+		SendSecretsAndVariables:           Ptr(true),
+		RequireApprovalForForkPRWorkflows: Ptr(false),
+	}
+	if !cmp.Equal(permissions, want) {
+		t.Errorf("Actions.GetPrivateRepoForkPRWorkflowSettingsInOrganization returned %+v, want %+v", permissions, want)
+	}
+
+	const methodName = "GetPrivateRepoForkPRWorkflowSettingsInOrganization"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Actions.GetPrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "\n")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Actions.GetPrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "o")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestActionsService_UpdatePrivateRepoForkPRWorkflowSettingsInOrganization(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	input := &WorkflowsPermissionsOpt{
+		RunWorkflowsFromForkPullRequests: true,
+		SendWriteTokensToWorkflows:       Ptr(false),
+		SendSecretsAndVariables:          Ptr(true),
+	}
+
+	mux.HandleFunc("/orgs/o/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		v := new(WorkflowsPermissionsOpt)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
+
+		testMethod(t, r, "PUT")
+		if !cmp.Equal(v, input) {
+			t.Errorf("Request body = %+v, want %+v", v, input)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	})
+
+	ctx := context.Background()
+	resp, err := client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "o", input)
+	if err != nil {
+		t.Errorf("Actions.UpdatePrivateRepoForkPRWorkflowSettingsInOrganization returned error: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("Actions.UpdatePrivateRepoForkPRWorkflowSettingsInOrganization = %d, want %d", resp.StatusCode, http.StatusNoContent)
+	}
+
+	const methodName = "UpdatePrivateRepoForkPRWorkflowSettingsInOrganization"
+	testBadOptions(t, methodName, func() (err error) {
+		_, err = client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		return client.Actions.UpdatePrivateRepoForkPRWorkflowSettingsInOrganization(ctx, "o", input)
+	})
+}
diff --git a/github/actions_workflows.go b/github/actions_workflows.go
index 4d9df69eb0d..dbde83cf306 100644
--- a/github/actions_workflows.go
+++ b/github/actions_workflows.go
@@ -56,6 +56,26 @@ type CreateWorkflowDispatchEventRequest struct {
 	Inputs map[string]any `json:"inputs,omitempty"`
 }
 
+// WorkflowsPermissions represents the permissions for workflows in a repository.
+type WorkflowsPermissions struct {
+	RunWorkflowsFromForkPullRequests  *bool `json:"run_workflows_from_fork_pull_requests,omitempty"`
+	SendWriteTokensToWorkflows        *bool `json:"send_write_tokens_to_workflows,omitempty"`
+	SendSecretsAndVariables           *bool `json:"send_secrets_and_variables,omitempty"`
+	RequireApprovalForForkPRWorkflows *bool `json:"require_approval_for_fork_pr_workflows,omitempty"`
+}
+
+func (w WorkflowsPermissions) String() string {
+	return Stringify(w)
+}
+
+// WorkflowsPermissionsOpt specifies options for editing workflows permissions in a repository.
+type WorkflowsPermissionsOpt struct {
+	RunWorkflowsFromForkPullRequests  bool  `json:"run_workflows_from_fork_pull_requests"`
+	SendWriteTokensToWorkflows        *bool `json:"send_write_tokens_to_workflows,omitempty"`
+	SendSecretsAndVariables           *bool `json:"send_secrets_and_variables,omitempty"`
+	RequireApprovalForForkPRWorkflows *bool `json:"require_approval_for_fork_pr_workflows,omitempty"`
+}
+
 // ListWorkflows lists all workflows in a repository.
 //
 // GitHub API docs: https://docs.github.com/rest/actions/workflows#list-repository-workflows
diff --git a/github/github-accessors.go b/github/github-accessors.go
index d0973b280b0..e5f45faf2a7 100644
--- a/github/github-accessors.go
+++ b/github/github-accessors.go
@@ -29974,6 +29974,62 @@ func (w *Workflows) GetTotalCount() int {
 	return *w.TotalCount
 }
 
+// GetRequireApprovalForForkPRWorkflows returns the RequireApprovalForForkPRWorkflows field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissions) GetRequireApprovalForForkPRWorkflows() bool {
+	if w == nil || w.RequireApprovalForForkPRWorkflows == nil {
+		return false
+	}
+	return *w.RequireApprovalForForkPRWorkflows
+}
+
+// GetRunWorkflowsFromForkPullRequests returns the RunWorkflowsFromForkPullRequests field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissions) GetRunWorkflowsFromForkPullRequests() bool {
+	if w == nil || w.RunWorkflowsFromForkPullRequests == nil {
+		return false
+	}
+	return *w.RunWorkflowsFromForkPullRequests
+}
+
+// GetSendSecretsAndVariables returns the SendSecretsAndVariables field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissions) GetSendSecretsAndVariables() bool {
+	if w == nil || w.SendSecretsAndVariables == nil {
+		return false
+	}
+	return *w.SendSecretsAndVariables
+}
+
+// GetSendWriteTokensToWorkflows returns the SendWriteTokensToWorkflows field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissions) GetSendWriteTokensToWorkflows() bool {
+	if w == nil || w.SendWriteTokensToWorkflows == nil {
+		return false
+	}
+	return *w.SendWriteTokensToWorkflows
+}
+
+// GetRequireApprovalForForkPRWorkflows returns the RequireApprovalForForkPRWorkflows field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissionsOpt) GetRequireApprovalForForkPRWorkflows() bool {
+	if w == nil || w.RequireApprovalForForkPRWorkflows == nil {
+		return false
+	}
+	return *w.RequireApprovalForForkPRWorkflows
+}
+
+// GetSendSecretsAndVariables returns the SendSecretsAndVariables field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissionsOpt) GetSendSecretsAndVariables() bool {
+	if w == nil || w.SendSecretsAndVariables == nil {
+		return false
+	}
+	return *w.SendSecretsAndVariables
+}
+
+// GetSendWriteTokensToWorkflows returns the SendWriteTokensToWorkflows field if it's non-nil, zero value otherwise.
+func (w *WorkflowsPermissionsOpt) GetSendWriteTokensToWorkflows() bool {
+	if w == nil || w.SendWriteTokensToWorkflows == nil {
+		return false
+	}
+	return *w.SendWriteTokensToWorkflows
+}
+
 // GetDoNotEnforceOnCreate returns the DoNotEnforceOnCreate field if it's non-nil, zero value otherwise.
 func (w *WorkflowsRuleParameters) GetDoNotEnforceOnCreate() bool {
 	if w == nil || w.DoNotEnforceOnCreate == nil {
diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go
index dbc78f046ba..a7e054515da 100644
--- a/github/github-accessors_test.go
+++ b/github/github-accessors_test.go
@@ -38630,6 +38630,83 @@ func TestWorkflows_GetTotalCount(tt *testing.T) {
 	w.GetTotalCount()
 }
 
+func TestWorkflowsPermissions_GetRequireApprovalForForkPRWorkflows(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissions{RequireApprovalForForkPRWorkflows: &zeroValue}
+	w.GetRequireApprovalForForkPRWorkflows()
+	w = &WorkflowsPermissions{}
+	w.GetRequireApprovalForForkPRWorkflows()
+	w = nil
+	w.GetRequireApprovalForForkPRWorkflows()
+}
+
+func TestWorkflowsPermissions_GetRunWorkflowsFromForkPullRequests(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissions{RunWorkflowsFromForkPullRequests: &zeroValue}
+	w.GetRunWorkflowsFromForkPullRequests()
+	w = &WorkflowsPermissions{}
+	w.GetRunWorkflowsFromForkPullRequests()
+	w = nil
+	w.GetRunWorkflowsFromForkPullRequests()
+}
+
+func TestWorkflowsPermissions_GetSendSecretsAndVariables(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissions{SendSecretsAndVariables: &zeroValue}
+	w.GetSendSecretsAndVariables()
+	w = &WorkflowsPermissions{}
+	w.GetSendSecretsAndVariables()
+	w = nil
+	w.GetSendSecretsAndVariables()
+}
+
+func TestWorkflowsPermissions_GetSendWriteTokensToWorkflows(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissions{SendWriteTokensToWorkflows: &zeroValue}
+	w.GetSendWriteTokensToWorkflows()
+	w = &WorkflowsPermissions{}
+	w.GetSendWriteTokensToWorkflows()
+	w = nil
+	w.GetSendWriteTokensToWorkflows()
+}
+
+func TestWorkflowsPermissionsOpt_GetRequireApprovalForForkPRWorkflows(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissionsOpt{RequireApprovalForForkPRWorkflows: &zeroValue}
+	w.GetRequireApprovalForForkPRWorkflows()
+	w = &WorkflowsPermissionsOpt{}
+	w.GetRequireApprovalForForkPRWorkflows()
+	w = nil
+	w.GetRequireApprovalForForkPRWorkflows()
+}
+
+func TestWorkflowsPermissionsOpt_GetSendSecretsAndVariables(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissionsOpt{SendSecretsAndVariables: &zeroValue}
+	w.GetSendSecretsAndVariables()
+	w = &WorkflowsPermissionsOpt{}
+	w.GetSendSecretsAndVariables()
+	w = nil
+	w.GetSendSecretsAndVariables()
+}
+
+func TestWorkflowsPermissionsOpt_GetSendWriteTokensToWorkflows(tt *testing.T) {
+	tt.Parallel()
+	var zeroValue bool
+	w := &WorkflowsPermissionsOpt{SendWriteTokensToWorkflows: &zeroValue}
+	w.GetSendWriteTokensToWorkflows()
+	w = &WorkflowsPermissionsOpt{}
+	w.GetSendWriteTokensToWorkflows()
+	w = nil
+	w.GetSendWriteTokensToWorkflows()
+}
+
 func TestWorkflowsRuleParameters_GetDoNotEnforceOnCreate(tt *testing.T) {
 	tt.Parallel()
 	var zeroValue bool
diff --git a/github/github-stringify_test.go b/github/github-stringify_test.go
index abbe7f6b8c0..c1e757fccd4 100644
--- a/github/github-stringify_test.go
+++ b/github/github-stringify_test.go
@@ -2338,3 +2338,17 @@ func TestWeeklyStats_String(t *testing.T) {
 		t.Errorf("WeeklyStats.String = %v, want %v", got, want)
 	}
 }
+
+func TestWorkflowsPermissions_String(t *testing.T) {
+	t.Parallel()
+	v := WorkflowsPermissions{
+		RunWorkflowsFromForkPullRequests:  Ptr(false),
+		SendWriteTokensToWorkflows:        Ptr(false),
+		SendSecretsAndVariables:           Ptr(false),
+		RequireApprovalForForkPRWorkflows: Ptr(false),
+	}
+	want := `github.WorkflowsPermissions{RunWorkflowsFromForkPullRequests:false, SendWriteTokensToWorkflows:false, SendSecretsAndVariables:false, RequireApprovalForForkPRWorkflows:false}`
+	if got := v.String(); got != want {
+		t.Errorf("WorkflowsPermissions.String = %v, want %v", got, want)
+	}
+}
diff --git a/github/repos_actions_permissions.go b/github/repos_actions_permissions.go
index 4992e503371..902c818a425 100644
--- a/github/repos_actions_permissions.go
+++ b/github/repos_actions_permissions.go
@@ -153,3 +153,40 @@ func (s *RepositoriesService) EditArtifactAndLogRetentionPeriod(ctx context.Cont
 
 	return s.client.Do(ctx, req, nil)
 }
+
+// GetPrivateRepoForkPRWorkflowSettings gets the settings for whether workflows from fork pull requests can run on a private repository.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#get-private-repo-fork-pr-workflow-settings-for-a-repository
+//
+//meta:operation GET /repos/{owner}/{repo}/actions/permissions/fork-pr-workflows-private-repos
+func (s *RepositoriesService) GetPrivateRepoForkPRWorkflowSettings(ctx context.Context, owner, repo string) (*WorkflowsPermissions, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/actions/permissions/fork-pr-workflows-private-repos", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	permissions := new(WorkflowsPermissions)
+	resp, err := s.client.Do(ctx, req, permissions)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return permissions, resp, nil
+}
+
+// UpdatePrivateRepoForkPRWorkflowSettings sets the settings for whether workflows from fork pull requests can run on a private repository.
+//
+// GitHub API docs: https://docs.github.com/rest/actions/permissions#set-private-repo-fork-pr-workflow-settings-for-a-repository
+//
+//meta:operation PUT /repos/{owner}/{repo}/actions/permissions/fork-pr-workflows-private-repos
+func (s *RepositoriesService) UpdatePrivateRepoForkPRWorkflowSettings(ctx context.Context, owner, repo string, permissions *WorkflowsPermissionsOpt) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/actions/permissions/fork-pr-workflows-private-repos", owner, repo)
+	req, err := s.client.NewRequest("PUT", u, permissions)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/github/repos_actions_permissions_test.go b/github/repos_actions_permissions_test.go
index d498023356e..bc41531096d 100644
--- a/github/repos_actions_permissions_test.go
+++ b/github/repos_actions_permissions_test.go
@@ -265,3 +265,84 @@ func TestRepositoriesService_EditArtifactAndLogRetentionPeriod(t *testing.T) {
 		return client.Repositories.EditArtifactAndLogRetentionPeriod(ctx, "o", "r", *input)
 	})
 }
+
+func TestRepositoriesService_GetPrivateRepoForkPRWorkflowSettings(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	mux.HandleFunc("/repos/o/r/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+		fmt.Fprint(w, `{"run_workflows_from_fork_pull_requests": true, "send_write_tokens_to_workflows": false, "send_secrets_and_variables": true, "require_approval_for_fork_pr_workflows": false}`)
+	})
+
+	ctx := context.Background()
+	permissions, _, err := client.Repositories.GetPrivateRepoForkPRWorkflowSettings(ctx, "o", "r")
+	if err != nil {
+		t.Errorf("Repositories.GetPrivateRepoForkPRWorkflowSettings returned error: %v", err)
+	}
+	want := &WorkflowsPermissions{
+		RunWorkflowsFromForkPullRequests:  Ptr(true),
+		SendWriteTokensToWorkflows:        Ptr(false),
+		SendSecretsAndVariables:           Ptr(true),
+		RequireApprovalForForkPRWorkflows: Ptr(false),
+	}
+	if !cmp.Equal(permissions, want) {
+		t.Errorf("Repositories.GetPrivateRepoForkPRWorkflowSettings returned %+v, want %+v", permissions, want)
+	}
+
+	const methodName = "GetPrivateRepoForkPRWorkflowSettings"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.GetPrivateRepoForkPRWorkflowSettings(ctx, "\n", "\n")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.GetPrivateRepoForkPRWorkflowSettings(ctx, "o", "r")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_UpdatePrivateRepoForkPRWorkflowSettings(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	input := &WorkflowsPermissionsOpt{
+		RunWorkflowsFromForkPullRequests: true,
+		SendWriteTokensToWorkflows:       Ptr(false),
+		SendSecretsAndVariables:          Ptr(true),
+	}
+
+	mux.HandleFunc("/repos/o/r/actions/permissions/fork-pr-workflows-private-repos", func(w http.ResponseWriter, r *http.Request) {
+		v := new(WorkflowsPermissionsOpt)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
+
+		testMethod(t, r, "PUT")
+		if !cmp.Equal(v, input) {
+			t.Errorf("Request body = %+v, want %+v", v, input)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	})
+
+	ctx := context.Background()
+	resp, err := client.Repositories.UpdatePrivateRepoForkPRWorkflowSettings(ctx, "o", "r", input)
+	if err != nil {
+		t.Errorf("Repositories.UpdatePrivateRepoForkPRWorkflowSettings returned error: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusNoContent {
+		t.Errorf("Repositories.UpdatePrivateRepoForkPRWorkflowSettings = %d, want %d", resp.StatusCode, http.StatusNoContent)
+	}
+
+	const methodName = "UpdatePrivateRepoForkPRWorkflowSettings"
+	testBadOptions(t, methodName, func() (err error) {
+		_, err = client.Repositories.UpdatePrivateRepoForkPRWorkflowSettings(ctx, "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		return client.Repositories.UpdatePrivateRepoForkPRWorkflowSettings(ctx, "o", "r", input)
+	})
+}