diff --git a/.github/workflows/batch_release_pr.yml b/.github/workflows/batch_release_pr.yml
index 43d84564242..03255791221 100644
--- a/.github/workflows/batch_release_pr.yml
+++ b/.github/workflows/batch_release_pr.yml
@@ -45,7 +45,9 @@ jobs:
     if: needs.create_batch_release_branch.outputs.branch_created == 'true'
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: write # Grants write permission to create a PR.
+      # The create-pull-request action needs both content and pull-requests permissions.
+      pull-requests: write
+      contents: write
     env:
       BRANCH_NAME: ${{ github.event.client_payload.package }}-${{ github.run_id }}-${{ github.run_attempt }}
     steps:
diff --git a/.github/workflows/sync_release_pr.yml b/.github/workflows/sync_release_pr.yml
index a53436ce0ff..6cb19bb4edb 100644
--- a/.github/workflows/sync_release_pr.yml
+++ b/.github/workflows/sync_release_pr.yml
@@ -9,6 +9,10 @@ on:
 jobs:
   create_sync_pr:
     runs-on: ubuntu-latest
+    permissions:
+      # The create-pull-request action needs both content and pull-requests permissions.
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd