diff --git a/.github/workflows/auto_branching.yml b/.github/workflows/auto_branching.yml index 0b2077152..6609131a2 100644 --- a/.github/workflows/auto_branching.yml +++ b/.github/workflows/auto_branching.yml @@ -13,9 +13,33 @@ on: description: new stream version of satellite jobs: - auto-branching-non-master: + check-group-membership: + runs-on: ubuntu-latest + outputs: + member: ${{steps.check_membership.outputs.member}} + + steps: + - name: Check if the user is a member of repository-admins group + id: check_membership + run: | + # Use GitHub API to check if the user triggering the workflow is a member of satellite-admin group + MEMBER=$(curl -s -H "Authorization: token ${{ secrets.CHERRYPICK_PAT }}" \ + "https://api.github.com/orgs/satelliteQE/teams/repository-admins/memberships/${{ github.actor }}") + if [[ $(echo "$MEMBER" | jq -r '.state') == "active" ]]; then + echo "User is a member of satellite-admin group." + echo "member=true" >> $GITHUB_OUTPUT + else + echo "User is not a member of satellite-admin group." + echo "member=false" >> $GITHUB_OUTPUT + exit 1 + fi + + + auto-branching-new-downstream-release: name: ${{ github.event.inputs.target_branch }} - raise PR with changes runs-on: ubuntu-latest + needs: check-group-membership + if: ${{ needs.check-group-membership.outputs.member == 'true' }} steps: - uses: actions/checkout@v4 @@ -24,7 +48,7 @@ jobs: id: create-branch uses: peterjgrainger/action-create-branch@v2.2.0 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.CHERRYPICK_PAT }} with: branch: ${{ github.event.inputs.target_branch }} @@ -32,7 +56,7 @@ jobs: id: create-label run: | curl -X POST \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Authorization: token ${{ secrets.CHERRYPICK_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ https://api.github.com/repos/${{ github.repository }}/labels \ -d "{\"name\":\"${{ github.event.inputs.target_branch }}\",\"color\":\"fbca04\"}" 
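Review bot: The membership check in the new `check-group-membership` job keys on `github.actor`, which on a re-run still names the user who started the original run, so a re-run started by someone else passes on the first user's membership; `github.triggering_actor` names whoever started this particular run. The step also expands `${{ secrets.CHERRYPICK_PAT }}` and the actor directly into the script text, and passing both through `env:` keeps the token out of the generated script file and keeps expression values out of the shell's parsing. The check does fail closed, since any answer other than `active` (including an API error) ends in `exit 1`. The comment and echo lines say "satellite-admin group" while the API path queries the `repository-admins` team, so the wording should be aligned.

```yaml
      - name: Check if the user is a member of repository-admins group
        id: check_membership
        env:
          GH_TOKEN: ${{ secrets.CHERRYPICK_PAT }}
          ACTOR: ${{ github.triggering_actor }}
        run: |
          # Ask the GitHub API whether the user who started this run is an active member of the repository-admins team
          MEMBER=$(curl -s -H "Authorization: token $GH_TOKEN" \
            "https://api.github.com/orgs/satelliteQE/teams/repository-admins/memberships/$ACTOR")
          # … unchanged: state check, member output and exit code …
```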
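Review bot: `peterjgrainger/action-create-branch@v2.2.0` is referenced by a mutable tag and now receives `CHERRYPICK_PAT`, a personal access token that, unlike the per-run `GITHUB_TOKEN`, does not expire with the job and whose scope is set outside this workflow. Pinning the action to a full commit SHA, `uses: peterjgrainger/action-create-branch@<full-commit-sha>  # v2.2.0`, means a retagged release cannot run with that token. The same token swap appears in the `env:` blocks at `@@ -91,7 +115,7 @@` and `@@ -149,7 +175,7 @@`. The reason for the swap is not visible in the diff (presumably so that the raised PRs trigger other workflows), so it should be recorded in a comment next to the secret and the PAT kept to the narrowest scopes that still allow it.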
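Review bot: The `Authorization` header in the create-label step now carries `CHERRYPICK_PAT` expanded inline in a `run:` script that also expands `github.event.inputs.target_branch` inside the `-d` JSON body, so free-form dispatch input is parsed by the shell in the same command that holds the long-lived token. Both values should be passed through `env:` and referenced as shell variables, e.g. `-H "Authorization: token $GH_TOKEN"`, with the body built by `jq -n --arg name "$TARGET_BRANCH" '{name: $name, color: "fbca04"}'`. The membership gate narrows who can supply the input but does not validate its value. The step begins above the hunk, so its `name:` line and any existing `env:` are not visible here.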
@@ -91,7 +115,7 @@ jobs: echo "$pr_number" echo "pr_number=$pr_number" >> $GITHUB_OUTPUT env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.CHERRYPICK_PAT }} - name: Add the prt comment for running the sanity tests id: add-parent-prt-comment @@ -105,6 +129,8 @@ jobs: auto-branching-master: name: master - raise PR with changes runs-on: ubuntu-latest + needs: check-group-membership + if: ${{ needs.check-group-membership.outputs.member == 'true' }} steps: - uses: actions/checkout@v4 @@ -149,7 +175,7 @@ jobs: echo "$pr_number" echo "pr_number=$pr_number" >> $GITHUB_OUTPUT env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.CHERRYPICK_PAT }} - name: Add the prt comment for running the sanity tests id: add-parent-prt-comment