# Permissions

Woven requires the following permissions

<table><thead><tr><th width="127">Scope</th><th width="130">Permission</th><th>Reason</th></tr></thead><tbody><tr><td>Contents</td><td>READ &#x26; WRITE</td><td><p>Allows Woven to sync the metadata back to your codebase. </p><p><em>We do not need elevated access to your protected branches.</em></p></td></tr><tr><td>Pull Requests</td><td>READ &#x26; WRITE</td><td>Allows Woven to create simple onboarding experience such as auto-generated configuration PR</td></tr><tr><td>Actions</td><td>READ &#x26; WRITE</td><td>To manage Woven's CI workflow that runs on GitHub Actions in your environment</td></tr><tr><td>Checks</td><td>READ &#x26; WRITE</td><td>Read third-party checks (e.g. dbt Cloud) and create Woven's checks to block PR from merging if data policies aren't met</td></tr><tr><td>Workflows</td><td>READ &#x26; WRITE</td><td>To manage Woven's CI workflow that runs on GitHub Actions in your environment</td></tr><tr><td>Secrets</td><td>READ &#x26; WRITE</td><td>To set Woven API keys. </td></tr><tr><td>Variables</td><td>READ &#x26; WRITE</td><td>To set configuration variables and feature flags</td></tr><tr><td>User Email</td><td>READ</td><td>Send notifications to users</td></tr></tbody></table>