diff --git a/.github/workflows/pull-request-dashboard-repo.yml b/.github/workflows/pull-request-dashboard-repo.yml
index e34bbfbb..91e4c7ca 100644
--- a/.github/workflows/pull-request-dashboard-repo.yml
+++ b/.github/workflows/pull-request-dashboard-repo.yml
@@ -64,8 +64,6 @@ jobs:
       cancel-in-progress: false
     permissions:
       contents: read
-      issues: write
-      pull-requests: read
     # The protected environment provides environment-level vars such as
     # PR_DASHBOARD_CLIENT_ID. The GitHub docs suggest environment secrets should
     # also be available to called reusable workflow jobs, but testing showed
@@ -131,11 +129,7 @@ jobs:
       group: ${{ github.workflow }}-state-${{ inputs.repository }}-${{ inputs.pr_number || 'full' }}
       cancel-in-progress: false
     permissions:
-      actions: read
-      checks: read
       contents: write
-      issues: read
-      pull-requests: read
     environment: protected
     runs-on: ubuntu-latest
     steps:
@@ -217,7 +211,6 @@ jobs:
       cancel-in-progress: false
     permissions:
       contents: write
-      pull-requests: read
     environment: protected
     runs-on: ubuntu-latest
     steps:
@@ -260,7 +253,6 @@ jobs:
       cancel-in-progress: false
     permissions:
       contents: read
-      issues: write
     environment: protected
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/pull-request-dashboard.yml b/.github/workflows/pull-request-dashboard.yml
index b044a183..49163ebf 100644
--- a/.github/workflows/pull-request-dashboard.yml
+++ b/.github/workflows/pull-request-dashboard.yml
@@ -161,11 +161,7 @@ jobs:
     needs: resolve-targets
     if: needs.resolve-targets.outputs.dashboard_precondition_met == 'true'
     permissions:
-      actions: read
-      checks: read
       contents: write
-      issues: write
-      pull-requests: read
     strategy:
       fail-fast: false
       max-parallel: 2