diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml
index 2c307843..d07cf121 100755
--- a/.github/workflows/call_issue_pr_tracker.yml
+++ b/.github/workflows/call_issue_pr_tracker.yml
@@ -8,6 +8,9 @@ on:
   pull_request_review:
     types: [submitted,edited,dismissed]
 
+permissions:
+  contents: read
+
 jobs:
   manage-project:
     permissions:
diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml
index fd9434ca..5033f110 100755
--- a/.github/workflows/call_issues_cron.yml
+++ b/.github/workflows/call_issues_cron.yml
@@ -4,6 +4,9 @@ on:
     - cron:  '10 17 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   stale:
     permissions:
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
index f2bc72ae..95bb1fe9 100755
--- a/.github/workflows/external_trigger.yml
+++ b/.github/workflows/external_trigger.yml
@@ -3,6 +3,9 @@ name: External Trigger Main
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-fedora-openbox:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml
index d46c9a49..83789a13 100755
--- a/.github/workflows/external_trigger_scheduler.yml
+++ b/.github/workflows/external_trigger_scheduler.yml
@@ -5,6 +5,9 @@ on:
     - cron:  '58 * * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
index d82329e4..c45a870f 100755
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -2,8 +2,14 @@ name: Greetings
 
 on: [pull_request_target, issues]
 
+permissions:
+  contents: read
+
 jobs:
   greeting:
+    permissions:
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/first-interaction@v1
diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
index 672e2594..de54f02e 100755
--- a/.github/workflows/package_trigger_scheduler.yml
+++ b/.github/workflows/package_trigger_scheduler.yml
@@ -5,6 +5,9 @@ on:
     - cron:  '9 23 * * 0'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest