diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index 20a6fd7993..e72e95c02b 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -13,6 +13,10 @@ on:
           description: 'Run code generation manually from GH CLI'
           required: true
           default: 'Make Generate'
+
+permissions:
+  contents: write # Allow actions to update dependabot PRs
+
 jobs:
   build:
     name: Build
diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml
index 0198b590bb..51e8acaaf3 100644
--- a/.github/workflows/pr-verify.yml
+++ b/.github/workflows/pr-verify.yml
@@ -4,6 +4,9 @@ on:
   pull_request_target:
     types: [opened, edited, synchronize, reopened]
 
+permissions:
+  checks: write
+
 jobs:
   verify:
     runs-on: ubuntu-latest