diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index dba13f9358..988c2dcc6c 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -2,8 +2,13 @@ name: 'Trigger Docker build on release'
 on:
   release:
     types: [released]
+permissions:
+  contents: read
+
 jobs:
   curl:
+    permissions:
+      contents: none
     name: 'Trigger Docker build on release'
     runs-on: ubuntu-latest
     container:
diff --git a/.github/workflows/docs-checker.yml b/.github/workflows/docs-checker.yml
index 5e91063698..a0f77b43fd 100644
--- a/.github/workflows/docs-checker.yml
+++ b/.github/workflows/docs-checker.yml
@@ -3,6 +3,9 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, edited ]
 
+permissions:
+  contents: read
+
 jobs:
   docs-required:
     name: 'Documentation Required'
diff --git a/.github/workflows/patch-mariadb-tests.yml b/.github/workflows/patch-mariadb-tests.yml
index c8294886a0..224e380925 100644
--- a/.github/workflows/patch-mariadb-tests.yml
+++ b/.github/workflows/patch-mariadb-tests.yml
@@ -7,6 +7,9 @@ concurrency:
   group: patch-mariadb-develop-${{ github.event.number }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 93d43ddedf..e9936482b0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,9 @@ on:
   push:
     branches:
       - version-14-beta
+permissions:
+  contents: read
+
 jobs:
   release:
     name: Release
diff --git a/.github/workflows/server-mariadb-tests.yml b/.github/workflows/server-mariadb-tests.yml
index 4edf74ba71..48104b8f16 100644
--- a/.github/workflows/server-mariadb-tests.yml
+++ b/.github/workflows/server-mariadb-tests.yml
@@ -11,6 +11,9 @@ concurrency:
   cancel-in-progress: true
 
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/server-postgres-tests.yml b/.github/workflows/server-postgres-tests.yml
index 895af5184e..241b7ddf96 100644
--- a/.github/workflows/server-postgres-tests.yml
+++ b/.github/workflows/server-postgres-tests.yml
@@ -10,6 +10,9 @@ concurrency:
   group: server-postgres-develop-${{ github.event.number }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/ui-tests.yml b/.github/workflows/ui-tests.yml
index fc8093444e..06ad921a6a 100644
--- a/.github/workflows/ui-tests.yml
+++ b/.github/workflows/ui-tests.yml
@@ -10,6 +10,9 @@ concurrency:
   group: ui-develop-${{ github.event.number }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest