Github token permission settings


If I set GITHUB_TOKEN permissions to READ ONLY at the org level, can I override that in the workflow.yml to grant write permission?


The design of that is for a paranoid admin to prevent people from being dangerous.

You can modify the permissions for the GITHUB_TOKEN in individual workflow files.
If the default permissions for the GITHUB_TOKEN are restrictive, you may have to elevate the permissions to allow some actions and commands to run successfully.