diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index eb7748a..dd627bf 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -8,11 +8,6 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  checks: write
-  pull-requests: write
-
 jobs:
   check_nipanel:
     name: Check nipanel
@@ -28,4 +23,8 @@ jobs:
     name: Report test results
     uses: ./.github/workflows/report_test_results.yml
     needs: [run_unit_tests]
-    if: always()
\ No newline at end of file
+    if: always()
+    permissions:
+      contents: read
+      checks: write
+      pull-requests: write
\ No newline at end of file
diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml
index 178ee68..2886cc3 100644
--- a/.github/workflows/PR.yml
+++ b/.github/workflows/PR.yml
@@ -8,11 +8,6 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  checks: write
-  pull-requests: write
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
@@ -21,3 +16,7 @@ jobs:
   run_ci:
     name: Run CI
     uses: ./.github/workflows/CI.yml
+    permissions:
+      contents: read
+      checks: write
+      pull-requests: write
\ No newline at end of file
diff --git a/.github/workflows/report_test_results.yml b/.github/workflows/report_test_results.yml
index b5a4e11..845f66a 100644
--- a/.github/workflows/report_test_results.yml
+++ b/.github/workflows/report_test_results.yml
@@ -4,15 +4,14 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  checks: write
-  pull-requests: write
-
 jobs:
   report_test_results:
     name: Report test results
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      checks: write
+      pull-requests: write
     steps:
       - name: Check out repo
         uses: actions/checkout@v4