Currently it appears that repo access is set up to be organization wide. Repo access should be configurable in a more granular way.

Option 1: Allow overrides for groups to support permitting access to repos that are forbidden for the rest of the organization.

Option 2: Move the repo permissions to be managed with group membership.