diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2d4c4d79a9a..e769b86e879 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -216,6 +216,7 @@ jobs:
 name: Cleanup persistent storages
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
+ permissions: {contents: read}
 with:
 job_type: cleanup
 persistent_storage: ${{ needs.storage_type.outputs.storage }}
@@ -235,7 +236,7 @@ jobs:
 name: Seed Persistent Storage for 3.${{matrix.python3}} Linux with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: seed
 python3: ${{matrix.python3}}
@@ -260,7 +261,7 @@ jobs:
 name: Seed Persistent Storage for 3.${{matrix.python3}} Windows with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: seed
 python3: ${{matrix.python3}}
@@ -284,7 +285,7 @@ jobs:
 name: Seed Persistent Storage for 3.${{matrix.python3}} MacOS with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: seed
 python3: ${{matrix.python3}}
@@ -410,7 +411,7 @@ jobs:
 name: Verify Persistent Storage for 3.${{matrix.python3}} Linux with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: verify
 python3: ${{matrix.python3}}
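Review bot: `secrets: inherit` on the context line directly above the added `permissions:` key (hunk at -216) still forwards every secret visible to the caller into persistent_storage.yml, so narrowing the GITHUB_TOKEN to `contents: read` does not narrow what the called jobs can read from the secret store. The same line sits in all eight call sites touched here: the seed hunks, the verify hunks and both cleanup hunks. Consider declaring the required secrets under `on.workflow_call.secrets` in the reusable workflow and passing them by name from each caller, e.g. `secrets:` followed by `STORAGE_KEY_PLACEHOLDER: ${{ secrets.STORAGE_KEY_PLACEHOLDER }}` (placeholder name; the set actually needed is not visible in this diff). Each job definition starts and ends outside its hunk.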
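Review bot: Swapping `{packages: write}` for `{contents: read}` in the seed hunks (-235, -260, -284) and the verify hunks (-410, -434, -486) sets every unlisted scope, `packages` included, to `none` for the called workflow. If any step in persistent_storage.yml authenticates to GitHub Packages or a GHCR image with the GITHUB_TOKEN, it will now be denied; those jobs are not visible in this diff, so this should be confirmed with one run per `job_type` and per OS. If such a step exists, `permissions: {contents: read, packages: read}` is the narrowest grant that keeps it working.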
@@ -434,7 +435,7 @@ jobs:
 name: Verify Persistent Storage for 3.${{matrix.python3}} Windows with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: verify
 python3: ${{matrix.python3}}
@@ -486,7 +487,7 @@ jobs:
 name: Verify Persistent Storage for 3.${{matrix.python3}} MacOS with ${{ matrix.arcticdb_version }} ArcticDB package version
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
- permissions: {packages: write}
+ permissions: {contents: read}
 with:
 job_type: verify
 python3: ${{matrix.python3}}
@@ -501,6 +502,7 @@ jobs:
 name: Cleanup persistent storages
 uses: ./.github/workflows/persistent_storage.yml
 secrets: inherit
+ permissions: {contents: read}
 with:
 job_type: cleanup
 persistent_storage: ${{ needs.storage_type.outputs.storage }}
diff --git a/.github/workflows/persistent_storage.yml b/.github/workflows/persistent_storage.yml
index d4b394f5887..688a714c622 100644
--- a/.github/workflows/persistent_storage.yml
+++ b/.github/workflows/persistent_storage.yml
@@ -9,6 +9,9 @@ on:
 arcticdb_version: {default: "", type: string, description: The version of ArcticDB that will be installed and used for seed/verify }
 persistent_storage: {required: true, default: "no", type: string, description: Specifies whether the python tests should tests against real storages e.g. AWS S3 }
+permissions:
+ contents: read
+
 jobs:
 setup:
 if: inputs.job_type != 'cleanup'
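Review bot: The new workflow-level `permissions:` block in persistent_storage.yml carries no comment explaining why `contents: read` is enough or how it relates to the callers. A reusable workflow's token is capped by the calling job's `permissions`, so a later job here that needs another scope has to be granted it both in this file and at every call site in build.yml. I would add above the block: `# Least-privilege GITHUB_TOKEN for all jobs; callers in build.yml must grant at least these scopes.` The `jobs:` section continues outside the hunk, so whether any job already overrides this default cannot be seen here.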