diff --git a/.github/workflows/check_amalgamation.yml b/.github/workflows/check_amalgamation.yml
index f223bb118..113dc1d02 100644
--- a/.github/workflows/check_amalgamation.yml
+++ b/.github/workflows/check_amalgamation.yml
@@ -3,8 +3,6 @@ name: "Check amalgamation"
 on:
 pull_request:
 
-permissions: read-all
-
 jobs:
 save:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index d82d0b569..e0caf58c0 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -1,9 +1,6 @@
 name: CIFuzz
 on: [pull_request]
 
-permissions:
- contents: read
-
 jobs:
 Fuzzing:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6d4285f7f..7b88dd380 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -11,9 +11,6 @@ on:
 - cron: '0 19 * * 1'
 workflow_dispatch:
 
-permissions:
- contents: read
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
 cancel-in-progress: true
diff --git a/.github/workflows/comment_check_amalgamation.yml b/.github/workflows/comment_check_amalgamation.yml
index bd4b7c85d..cba876976 100644
--- a/.github/workflows/comment_check_amalgamation.yml
+++ b/.github/workflows/comment_check_amalgamation.yml
@@ -5,8 +5,6 @@ on:
 types:
 - completed
 
-permissions: {}
-
 jobs:
 comment:
 if: ${{ github.event.workflow_run.conclusion == 'failure' }}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 21a469b13..f5bc333f8 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -9,9 +9,6 @@
 name: 'Dependency Review'
 on: [pull_request]
 
-permissions:
- contents: read
-
 jobs:
 dependency-review:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 3d15f7f1e..08568c076 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
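Review bot: In check_amalgamation.yml the workflow-level `permissions: read-all` is removed and nothing in the hunk replaces it, so the `GITHUB_TOKEN` for the `save` job falls back to the repository or organisation default, which may be read/write; the job body continues outside the hunk, so a job-level block may exist there but is not visible. The same removal is made in cifuzz.yml, codeql-analysis.yml, dependency-review.yml, macos.yml, scorecards.yml, ubuntu.yml and windows.yml. Only publish_documentation.yml visibly re-adds a scope at job level. I would either keep the workflow-level floor (`permissions:` with `contents: read`) or confirm that every job in these files declares its own `permissions:` block before merging. scorecards.yml is worth checking in particular, since the Scorecard Token-Permissions check evaluates exactly this.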
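Review bot: comment_check_amalgamation.yml is triggered by `workflow_run`, which runs in the base repository's context, so dropping `permissions: {}` moves the `comment` job from an empty token to the repository default unless the job sets its own scopes; the hunk ends at the job's `if:` line, so that cannot be confirmed from here. labeler.yml (`pull_request_target`) loses the same `permissions: {}`; its `label` job does keep a job-level `permissions:` block, but a job added later would no longer start from zero. For these two privileged triggers I would keep `permissions: {}` at workflow level and grant the needed scopes per job.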
@@ -4,8 +4,6 @@ on:
 pull_request_target:
 types: [opened, synchronize]
 
-permissions: {}
-
 jobs:
 label:
 permissions:
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index a1075add1..ec30efc5a 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -9,9 +9,6 @@ on:
 pull_request:
 workflow_dispatch:
 
-permissions:
- contents: read
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
 cancel-in-progress: true
diff --git a/.github/workflows/publish_documentation.yml b/.github/workflows/publish_documentation.yml
index 29f0e4bf4..09127aefe 100644
--- a/.github/workflows/publish_documentation.yml
+++ b/.github/workflows/publish_documentation.yml
@@ -10,9 +10,6 @@ on:
 - docs/examples/**
 workflow_dispatch:
 
-permissions:
- contents: write
-
 # we don't want to have concurrent jobs, and we don't want to cancel running jobs to avoid broken publications
 concurrency:
 group: documentation
@@ -20,6 +17,9 @@ concurrency:
 
 jobs:
 publish_documentation:
+ permissions:
+ contents: write
+
 if: github.repository == 'nlohmann/json'
 runs-on: ubuntu-22.04
 steps:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8c4afd64b..c4ef2e35f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -14,9 +14,6 @@ on:
 push:
 branches: ["develop"]
 
-# Declare default permissions as read only.
-permissions: read-all
-
 jobs:
 analysis:
 name: Scorecard analysis
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 79554505a..d3ea98b18 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -9,9 +9,6 @@ on:
 pull_request:
 workflow_dispatch:
 
-permissions:
- contents: read
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
 cancel-in-progress: true
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 4e21d995d..2c71775cc 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -9,9 +9,6 @@ on:
 pull_request:
 workflow_dispatch:
 
-permissions:
- contents: read
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
 cancel-in-progress: true