Github token permission settings

Hi

If I set GITHUB_TOKEN permissions to READ ONLY at the org level, can I override that in the workflow.yml to grant write permission?

Doubtful.

The design of that is for a paranoid admin to prevent people from being dangerous.

You can modify the permissions for the GITHUB_TOKEN in individual workflow files.
If the default permissions for the GITHUB_TOKEN are restrictive, you may have to elevate the permissions to allow some actions and commands to run successfully.