diff --git a/.github/workflows/assignIssue.yml b/.github/workflows/assignIssue.yml
index f4086e6b14a..5bcdfdf5d32 100644
--- a/.github/workflows/assignIssue.yml
+++ b/.github/workflows/assignIssue.yml
@@ -4,6 +4,9 @@ on:
   issues:
     types: [opened]
 
+permissions:
+  issues: write
+
 jobs:
   assignIssue:
     name: Assign Issue to Someone
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index df314046e26..026d778449d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -11,6 +11,9 @@
 #
 name: "CodeQL"
 
+permissions:
+  pull-requests: write
+
 on:
   push:
     branches: [ main, release* ]
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
index 51fe7b76ce1..efd4b661da2 100644
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -5,6 +5,9 @@ on:
   schedule:
     - cron: '0 0 * * *'
 
+permissions:
+  issues: write
+
 jobs:
   lock:
     runs-on: ubuntu-latest
diff --git a/news/3 Code Health/6170.md b/news/3 Code Health/6170.md
new file mode 100644
index 00000000000..0beb916b390
--- /dev/null
+++ b/news/3 Code Health/6170.md	
@@ -0,0 +1 @@
+Restore GitHub token access for CodeQL, issue locking and issue assignment workflows.
\ No newline at end of file