diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index 907698d..8fd6369 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -5,6 +5,9 @@ name: Python package
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: read
+
 jobs:
   build: