diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 705d92120..15630f5a1 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -85,6 +85,8 @@ jobs:
     name: Update Release Draft
     runs-on: ubuntu-22.04
     needs: [vars]
+    permissions:
+      contents: write
     outputs:
       release_id: ${{ steps.vars.outputs.RELEASE_ID }}
     steps:
@@ -182,6 +184,8 @@ jobs:
     name: Tag Release
     runs-on: ubuntu-22.04
     needs: [vars,release-draft]
+    permissions:
+      contents: write
     steps:
       - name: Checkout Repository
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -206,7 +210,7 @@ jobs:
     needs: [vars,release-draft,tag-release]
     permissions:
       id-token: write
-      contents: read
+      contents: write
     steps:
       - name: Checkout Repository
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -328,6 +332,8 @@ jobs:
     name: Merge release branch back into V3 branch
     runs-on: ubuntu-22.04
     needs: [vars,tag-release]
+    permissions:
+      pull-requests: write
     steps:
       - name: Checkout Repository
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2