From f5740b6f79d7e18c35732957d360c2e98a797fe2 Mon Sep 17 00:00:00 2001 From: Dimitris Alexandridis Date: Fri, 6 Oct 2023 14:02:01 +0100 Subject: [PATCH] Update explanation for the scope of `permissions` in the provided code examples for token authentication (#28551) Co-authored-by: cmwilson21 <77312589+cmwilson21@users.noreply.github.com> --- .../actions/security-guides/automatic-token-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/security-guides/automatic-token-authentication.md b/content/actions/security-guides/automatic-token-authentication.md index fb6a0627b6..484ddca16e 100644 --- a/content/actions/security-guides/automatic-token-authentication.md +++ b/content/actions/security-guides/automatic-token-authentication.md @@ -117,7 +117,7 @@ You can use the `permissions` key in your workflow file to modify permissions fo {% data reusables.actions.forked-write-permission %} -The two workflow examples earlier in this article show the `permissions` key being used at the workflow level, and at the job level. In [Example 1](#example-1-passing-the-github_token-as-an-input) the two permissions are specified for the entire workflow. In [Example 2](#example-2-calling-the-rest-api) write access is granted for one scope for a single job. +The two workflow examples earlier in this article show the `permissions` key being used at the job level, as it is best practice to limit the permissions' scope. For full details of the `permissions` key, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#permissions)."
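Review bot: The added sentence in the `@@ -117,7 +117,7 @@` hunk says both examples use the `permissions` key at the job level, but the removed sentence said Example 1 specifies its two permissions for the entire workflow, and this patch (1 insertion, 1 deletion) does not touch the examples themselves. Please confirm that Example 1 already declares `permissions` under its job, or update the example in the same change, otherwise the prose and the example disagree. The rewrite also drops the two anchor links (`#example-1-passing-the-github_token-as-an-input` and `#example-2-calling-the-rest-api`); keeping them would let readers jump straight to the examples being described. Finally, "to limit the permissions' scope" is ambiguous, because the removed sentence used "scope" for an individual permission ("write access is granted for one scope"); wording such as "so that each job's `GITHUB_TOKEN` is granted only the permissions that job needs" would state the least-privilege reason directly.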