diff --git a/.github/workflows/deploy-preview.yml b/.github/workflows/deploy-preview.yml
index a11416f1c9..4119744de3 100644
--- a/.github/workflows/deploy-preview.yml
+++ b/.github/workflows/deploy-preview.yml
@@ -5,6 +5,11 @@ on:
     workflows: ["Build docs site"]
     types: [completed]
 
+permissions:
+  deployments: write
+  pull-requests: write
+  statuses: write
+
 jobs:
   deploy:
     if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
diff --git a/.github/workflows/pr-comment-trigger.yml b/.github/workflows/pr-comment-trigger.yml
index cd925573bc..15d05b1a47 100644
--- a/.github/workflows/pr-comment-trigger.yml
+++ b/.github/workflows/pr-comment-trigger.yml
@@ -5,6 +5,9 @@ on:
     types:
       - created
 
+permissions:
+  issues: write
+
 jobs:
   pr-comment:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pull-request-checker.yml b/.github/workflows/pull-request-checker.yml
index d85e5cb2e4..ab167f298f 100644
--- a/.github/workflows/pull-request-checker.yml
+++ b/.github/workflows/pull-request-checker.yml
@@ -8,6 +8,9 @@ on:
       - anax-test-branch # TODO Delete this line before merging PR
     types: [opened, reopened, edited, labeled]
 
+permissions:
+  pull-requests: write
+
 jobs:
   initial-comment:
     name: PR Instructions