GitHub Actions "Resource not accessible by integration" (issues: write missing)
The default GITHUB_TOKEN permissions are limited. Creating issue/PR comments, labels, or assignments requires the workflow to grant issues: write (and often pull-requests: write).
What this error means
An API call to create a comment or label fails with Resource not accessible by integration, despite using the built-in token.
github-actions
HttpError: Resource not accessible by integration (403)
creating comment on issue #42Common causes
Missing issues/pull-requests write
The default token scope does not include write on issues or PRs unless granted.
Restricted default permissions
An org/repo default of read-only requires per-workflow permission grants.
How to fix it
Grant the needed write permissions
- Add a permissions block granting issues: write and pull-requests: write as needed.
- Scope it to the job that needs it for least privilege.
- Confirm org/repo settings do not override the grant.
.github/workflows/ci.yml
permissions:
issues: write
pull-requests: write
jobs:
comment:
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v7
with:
script: |
await github.rest.issues.createComment({
...context.repo, issue_number: context.issue.number, body: 'hi' });How to prevent it
- Grant only the write scopes each job needs.
- Review the repository default workflow token permissions.
Related guides
GitHub Actions default GITHUB_TOKEN is read-only (cannot push)Fix a GitHub Actions push that is denied - the default GITHUB_TOKEN is read-only and needs contents: write to…
GitHub Actions github-script "Bad credentials" (Octokit)Fix actions/github-script "Bad credentials" - the Octokit client is using a missing, empty, or wrong token.
GitHub Actions "Unexpected value 'permissions'" (job vs workflow level)Fix "Unexpected value permissions" in GitHub Actions - the permissions key was placed at the wrong level or w…