Skip to content

"Modifying the permissions for the GITHUB_TOKEN" should use a callout box for "When the permissions key is used, all unspecified permissions are set to no access" #35810

New issue
New issue
Closed
#35967
Closed
"Modifying the permissions for the GITHUB_TOKEN" should use a callout box for "When the permissions key is used, all unspecified permissions are set to no access"#35810
#35967
Labels
SME reviewedAn SME has reviewed this issue/PRactionsThis issue or pull request should be reviewed by the docs actions teamcontentThis issue or pull request belongs to the Docs Content team
@jsoref

Description

@jsoref
jsoref
opened on Jan 2, 2025

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token

What part(s) of the article would you like to see updated?

After:

You can use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job.

Add a callout to the next bit:

Note

When the permissions key is used, all unspecified permissions are set to no access, with the exception of the metadata scope, which always gets read access.

Additional information

actions/deploy-pages#329 (comment)
actions/deploy-pages#329 (comment)
actions/deploy-pages#329 (comment)

Metadata

Metadata

Assignees

No one assigned

    Labels

    SME reviewedAn SME has reviewed this issue/PRactionsThis issue or pull request should be reviewed by the docs actions teamcontentThis issue or pull request belongs to the Docs Content team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions