diff --git a/.github/workflows/azure-terraform.yml b/.github/workflows/azure-terraform.yml
index 859bf2a..5d64964 100644
--- a/.github/workflows/azure-terraform.yml
+++ b/.github/workflows/azure-terraform.yml
@@ -12,6 +12,11 @@ on:
       - "**/azure/**"
       - ".github/workflows/azure-terraform.yml"
 
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
 jobs:
   create:
     name: Create AKS Cluster
diff --git a/.github/workflows/create-cluster.yml b/.github/workflows/create-cluster.yml
index 00350f8..b6e47bc 100644
--- a/.github/workflows/create-cluster.yml
+++ b/.github/workflows/create-cluster.yml
@@ -58,11 +58,6 @@ on:
         description: ''
         required: false
 
-permissions:
-  contents: read
-  id-token: write
-  pull-requests: write
-
 env:
   ARM_CLIENT_ID: ${{ secrets.CLIENT_ID || '' }}
   ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET || '' }}
diff --git a/.github/workflows/destroy-cluster.yml b/.github/workflows/destroy-cluster.yml
index 9f8f45b..46e06f9 100644
--- a/.github/workflows/destroy-cluster.yml
+++ b/.github/workflows/destroy-cluster.yml
@@ -58,11 +58,6 @@ on:
         description: ''
         required: false
 
-permissions:
-  contents: read
-  id-token: write
-  pull-requests: write
-
 env:
   ARM_CLIENT_ID: ${{ secrets.CLIENT_ID || '' }}
   ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET || '' }}