diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml
index 87c7428..2fb4b15 100644
--- a/.github/workflows/CheckCompatBounds.yml
+++ b/.github/workflows/CheckCompatBounds.yml
@@ -1,6 +1,8 @@
 name: "Check Compat Bounds"
 on:
   pull_request: ~
+permissions:
+  contents: "read"
 jobs:
   check-compat-bounds:
     name: "Check Compat Bounds"
diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml
index 7442953..9bfa4ec 100644
--- a/.github/workflows/Documentation.yml
+++ b/.github/workflows/Documentation.yml
@@ -10,6 +10,8 @@ on:
 concurrency:
   group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: "${{ github.ref_name != github.event.repository.default_branch || github.ref != 'refs/tags/v*' }}"
+permissions:
+  contents: "write"
 jobs:
   build-and-deploy-docs:
     name: "Documentation"
diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml
index 7bbbfee..30828d6 100644
--- a/.github/workflows/FormatCheck.yml
+++ b/.github/workflows/FormatCheck.yml
@@ -6,6 +6,8 @@ on:
       - "synchronize"
       - "reopened"
       - "ready_for_review"
+permissions:
+  contents: "read"
 jobs:
   format-check:
     name: "Format Check"
diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml
index 23997cc..ef29c91 100644
--- a/.github/workflows/IntegrationTest.yml
+++ b/.github/workflows/IntegrationTest.yml
@@ -11,6 +11,9 @@ on:
       - "reopened"
       - "ready_for_review"
       - "converted_to_draft"
+permissions:
+  actions: "read"
+  contents: "read"
 jobs:
   integration-test:
     name: "IntegrationTest"
diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml
index d4da40e..007110a 100644
--- a/.github/workflows/TagBot.yml
+++ b/.github/workflows/TagBot.yml
@@ -6,6 +6,9 @@ on:
   workflow_dispatch: ~
 env:
   REGISTRY_TAGBOT_ACTION: "JuliaRegistries/TagBot"
+permissions:
+  contents: "write"
+  issues: "read"
 jobs:
   TagBot:
     if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'"
diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml
index 244ca0e..6e1dce9 100644
--- a/.github/workflows/Tests.yml
+++ b/.github/workflows/Tests.yml
@@ -19,6 +19,8 @@ on:
 concurrency:
   group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}"
+permissions:
+  contents: "read"
 jobs:
   tests:
     name: "Tests"
diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml
index 102898e..7008f48 100644
--- a/.github/workflows/VersionCheck.yml
+++ b/.github/workflows/VersionCheck.yml
@@ -1,6 +1,9 @@
 name: "Version Check"
 on:
   pull_request: ~
+permissions:
+  contents: "read"
+  pull-requests: "read"
 jobs:
   version-check:
     name: "Version Check"