diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml
index e435a30732..09b91fc6da 100644
--- a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml
+++ b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/run-acceptance-tests.yml
@@ -23,6 +23,8 @@ jobs:
   prerequisites:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      pull-requests: write
     uses: ./.github/workflows/prerequisites.yml
     secrets: inherit
     with:
@@ -77,6 +79,8 @@ jobs:
     name: sentinel
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      statuses: write
     needs:
     - test
     - build_provider
diff --git a/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml
index e093eefea1..03f68fb645 100644
--- a/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml
+++ b/provider-ci/test-providers/acme/.github/workflows/run-acceptance-tests.yml
@@ -38,6 +38,8 @@ jobs:
   prerequisites:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      pull-requests: write
     uses: ./.github/workflows/prerequisites.yml
     secrets: inherit
     with:
@@ -89,6 +91,8 @@ jobs:
     name: sentinel
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      statuses: write
     needs:
     - test
     - build_provider
diff --git a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml
index d57c3076fe..d76ed64fd7 100644
--- a/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml
+++ b/provider-ci/test-providers/aws/.github/workflows/run-acceptance-tests.yml
@@ -41,6 +41,8 @@ jobs:
   prerequisites:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      pull-requests: write
     uses: ./.github/workflows/prerequisites.yml
     secrets: inherit
     with:
@@ -86,6 +88,8 @@ jobs:
     name: sentinel
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      statuses: write
     needs:
     - test
     - build_provider
diff --git a/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml
index 61f17298a0..58fc81359d 100644
--- a/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml
+++ b/provider-ci/test-providers/cloudflare/.github/workflows/run-acceptance-tests.yml
@@ -40,6 +40,8 @@ jobs:
   prerequisites:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      pull-requests: write
     uses: ./.github/workflows/prerequisites.yml
     secrets: inherit
     with:
@@ -91,6 +93,8 @@ jobs:
     name: sentinel
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      statuses: write
     needs:
     - test
     - build_provider
diff --git a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml
index 44039b338a..0c531a8a01 100644
--- a/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml
+++ b/provider-ci/test-providers/docker/.github/workflows/run-acceptance-tests.yml
@@ -53,6 +53,8 @@ jobs:
   prerequisites:
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      pull-requests: write
     uses: ./.github/workflows/prerequisites.yml
     secrets: inherit
     with:
@@ -104,6 +106,8 @@ jobs:
     name: sentinel
     if: github.event_name == 'repository_dispatch' ||
       github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      statuses: write
     needs:
     - test
     - build_provider