diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml
index 13a711c8..2118c44b 100644
--- a/.github/workflows/check-pr.yml
+++ b/.github/workflows/check-pr.yml
@@ -10,6 +10,8 @@ on:
   push:
     branches:
       - next
+permissions:
+  contents: read
 env:
   HUSKY: 0
 jobs:
diff --git a/.github/workflows/merge-to-main.yml b/.github/workflows/merge-to-main.yml
index 6f2e3e73..e5096845 100644
--- a/.github/workflows/merge-to-main.yml
+++ b/.github/workflows/merge-to-main.yml
@@ -2,11 +2,17 @@ name: Attempt to merge next to main
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   # Check if next can merge into main
   perform_merge:
     name: Perform merge if "next" can merge into "main"
     runs-on: ubuntu-latest
+    permissions:
+      contents: write #because we push - git push origin "main"
+      pull-requests: write # PR updates
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -40,4 +46,4 @@ jobs:
 
     steps:
       - name: Post error message (To-Do)
-        run: echo "Next cannot be merged into main cleanly"
\ No newline at end of file
+        run: echo "Next cannot be merged into main cleanly"
diff --git a/.github/workflows/merge-to-next-major.yml b/.github/workflows/merge-to-next-major.yml
index 3f03b6b2..e4f4aa14 100644
--- a/.github/workflows/merge-to-next-major.yml
+++ b/.github/workflows/merge-to-next-major.yml
@@ -3,12 +3,17 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - "next"
+      - 'next'
+permissions:
+  contents: read
 
 jobs:
   # Check if next can merge into next-major
   perform_merge:
     name: Perform merge if "next" can merge into "next-major"
+    permissions:
+      contents: write #because we push - git push origin "next-major"
+      pull-requests: write # PR updates
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -69,4 +74,4 @@ jobs:
 
     steps:
       - name: Post error message (To-Do)
-        run: echo "Next cannot be merged into next-major cleanly"
\ No newline at end of file
+        run: echo "Next cannot be merged into next-major cleanly"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7d09366c..ec99743f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,8 @@ on:
     branches:
       - 'main'
       - 'next'
+permissions:
+  contents: read      
 env:
   HUSKY: 0
 jobs: