diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
index eb9df9cb670..7de0951e558 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
@@ -38,11 +38,13 @@ const SCOPE_DESCRIPTIONS: Record<string, string> = {
   'https://www.googleapis.com/auth/gmail.modify': 'View and manage your email messages',
   // 'https://www.googleapis.com/auth/gmail.readonly': 'View and read your email messages',
   // 'https://www.googleapis.com/auth/drive': 'View and manage your Google Drive files',
+  'https://www.googleapis.com/auth/drive.readonly': 'View and read your Google Drive files',
   'https://www.googleapis.com/auth/drive.file': 'View and manage your Google Drive files',
   // 'https://www.googleapis.com/auth/documents': 'View and manage your Google Docs',
   'https://www.googleapis.com/auth/calendar': 'View and manage your calendar',
   'https://www.googleapis.com/auth/userinfo.email': 'View your email address',
   'https://www.googleapis.com/auth/userinfo.profile': 'View your basic profile info',
+  'https://www.googleapis.com/auth/forms.responses.readonly': 'View responses to your Google Forms',
   'read:page:confluence': 'Read Confluence pages',
   'write:page:confluence': 'Write Confluence pages',
   'read:me': 'Read your profile information',
diff --git a/apps/sim/blocks/blocks/google_docs.ts b/apps/sim/blocks/blocks/google_docs.ts
index f023bdfe304..fb083c1e5d8 100644
--- a/apps/sim/blocks/blocks/google_docs.ts
+++ b/apps/sim/blocks/blocks/google_docs.ts
@@ -37,7 +37,10 @@ export const GoogleDocsBlock: BlockConfig<GoogleDocsResponse> = {
       required: true,
       provider: 'google-docs',
       serviceId: 'google-docs',
-      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
+      requiredScopes: [
+        'https://www.googleapis.com/auth/drive.readonly',
+        'https://www.googleapis.com/auth/drive.file',
+      ],
       placeholder: 'Select Google account',
     },
     // Document selector (basic mode)
diff --git a/apps/sim/blocks/blocks/google_drive.ts b/apps/sim/blocks/blocks/google_drive.ts
index 718a9f66448..b618d97da4a 100644
--- a/apps/sim/blocks/blocks/google_drive.ts
+++ b/apps/sim/blocks/blocks/google_drive.ts
@@ -36,7 +36,10 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
       required: true,
       provider: 'google-drive',
       serviceId: 'google-drive',
-      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
+      requiredScopes: [
+        'https://www.googleapis.com/auth/drive.readonly',
+        'https://www.googleapis.com/auth/drive.file',
+      ],
       placeholder: 'Select Google Drive account',
     },
     // Upload Fields
@@ -80,7 +83,10 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
       canonicalParamId: 'folderId',
       provider: 'google-drive',
       serviceId: 'google-drive',
-      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
+      requiredScopes: [
+        'https://www.googleapis.com/auth/drive.readonly',
+        'https://www.googleapis.com/auth/drive.file',
+      ],
       mimeType: 'application/vnd.google-apps.folder',
       placeholder: 'Select a parent folder',
       mode: 'basic',
@@ -156,7 +162,10 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
       canonicalParamId: 'folderId',
       provider: 'google-drive',
       serviceId: 'google-drive',
-      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
+      requiredScopes: [
+        'https://www.googleapis.com/auth/drive.readonly',
+        'https://www.googleapis.com/auth/drive.file',
+      ],
       mimeType: 'application/vnd.google-apps.folder',
       placeholder: 'Select a parent folder',
       mode: 'basic',
@@ -183,7 +192,10 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
       canonicalParamId: 'folderId',
       provider: 'google-drive',
       serviceId: 'google-drive',
-      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
+      requiredScopes: [
+        'https://www.googleapis.com/auth/drive.readonly',
+        'https://www.googleapis.com/auth/drive.file',
+      ],
       mimeType: 'application/vnd.google-apps.folder',
       placeholder: 'Select a folder to list files from',
       mode: 'basic',
diff --git a/apps/sim/lib/auth.ts b/apps/sim/lib/auth.ts
index 5dd170ad914..a318bfc7599 100644
--- a/apps/sim/lib/auth.ts
+++ b/apps/sim/lib/auth.ts
@@ -425,6 +425,7 @@ export const auth = betterAuth({
           scopes: [
             'https://www.googleapis.com/auth/userinfo.email',
             'https://www.googleapis.com/auth/userinfo.profile',
+            'https://www.googleapis.com/auth/drive.readonly',
             'https://www.googleapis.com/auth/drive.file',
           ],
           prompt: 'consent',
@@ -439,6 +440,7 @@ export const auth = betterAuth({
           scopes: [
             'https://www.googleapis.com/auth/userinfo.email',
             'https://www.googleapis.com/auth/userinfo.profile',
+            'https://www.googleapis.com/auth/drive.readonly',
             'https://www.googleapis.com/auth/drive.file',
           ],
           prompt: 'consent',
@@ -453,6 +455,7 @@ export const auth = betterAuth({
           scopes: [
             'https://www.googleapis.com/auth/userinfo.email',
             'https://www.googleapis.com/auth/userinfo.profile',
+            'https://www.googleapis.com/auth/drive.readonly',
             'https://www.googleapis.com/auth/drive.file',
           ],
           prompt: 'consent',
diff --git a/apps/sim/lib/oauth/oauth.ts b/apps/sim/lib/oauth/oauth.ts
index 803100b752a..cf88a824994 100644
--- a/apps/sim/lib/oauth/oauth.ts
+++ b/apps/sim/lib/oauth/oauth.ts
@@ -121,7 +121,10 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
         providerId: 'google-drive',
         icon: (props) => GoogleDriveIcon(props),
         baseProviderIcon: (props) => GoogleIcon(props),
-        scopes: ['https://www.googleapis.com/auth/drive.file'],
+        scopes: [
+          'https://www.googleapis.com/auth/drive.readonly',
+          'https://www.googleapis.com/auth/drive.file',
+        ],
       },
       'google-docs': {
         id: 'google-docs',
@@ -130,7 +133,10 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
         providerId: 'google-docs',
         icon: (props) => GoogleDocsIcon(props),
         baseProviderIcon: (props) => GoogleIcon(props),
-        scopes: ['https://www.googleapis.com/auth/drive.file'],
+        scopes: [
+          'https://www.googleapis.com/auth/drive.readonly',
+          'https://www.googleapis.com/auth/drive.file',
+        ],
       },
       'google-sheets': {
         id: 'google-sheets',
@@ -139,7 +145,10 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
         providerId: 'google-sheets',
         icon: (props) => GoogleSheetsIcon(props),
         baseProviderIcon: (props) => GoogleIcon(props),
-        scopes: ['https://www.googleapis.com/auth/drive.file'],
+        scopes: [
+          'https://www.googleapis.com/auth/drive.readonly',
+          'https://www.googleapis.com/auth/drive.file',
+        ],
       },
       'google-forms': {
         id: 'google-forms',
diff --git a/apps/sim/tools/google_docs/create.ts b/apps/sim/tools/google_docs/create.ts
index 4f025f4d79d..3a21a715af2 100644
--- a/apps/sim/tools/google_docs/create.ts
+++ b/apps/sim/tools/google_docs/create.ts
@@ -13,7 +13,10 @@ export const createTool: ToolConfig<GoogleDocsToolParams, GoogleDocsCreateRespon
   oauth: {
     required: true,
     provider: 'google-docs',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {
diff --git a/apps/sim/tools/google_docs/read.ts b/apps/sim/tools/google_docs/read.ts
index b118ac0a2e8..5a9a1d23164 100644
--- a/apps/sim/tools/google_docs/read.ts
+++ b/apps/sim/tools/google_docs/read.ts
@@ -11,7 +11,10 @@ export const readTool: ToolConfig<GoogleDocsToolParams, GoogleDocsReadResponse>
   oauth: {
     required: true,
     provider: 'google-docs',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {
diff --git a/apps/sim/tools/google_docs/write.ts b/apps/sim/tools/google_docs/write.ts
index 51b5bcb34a5..a82b6b4648c 100644
--- a/apps/sim/tools/google_docs/write.ts
+++ b/apps/sim/tools/google_docs/write.ts
@@ -9,7 +9,10 @@ export const writeTool: ToolConfig<GoogleDocsToolParams, GoogleDocsWriteResponse
   oauth: {
     required: true,
     provider: 'google-docs',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
   params: {
     accessToken: {
diff --git a/apps/sim/tools/google_drive/create_folder.ts b/apps/sim/tools/google_drive/create_folder.ts
index b693e027bce..964b9d2402a 100644
--- a/apps/sim/tools/google_drive/create_folder.ts
+++ b/apps/sim/tools/google_drive/create_folder.ts
@@ -10,7 +10,10 @@ export const createFolderTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUplo
   oauth: {
     required: true,
     provider: 'google-drive',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {
diff --git a/apps/sim/tools/google_drive/get_content.ts b/apps/sim/tools/google_drive/get_content.ts
index 6c8b0bff77e..168436cd37c 100644
--- a/apps/sim/tools/google_drive/get_content.ts
+++ b/apps/sim/tools/google_drive/get_content.ts
@@ -18,7 +18,10 @@ export const getContentTool: ToolConfig<GoogleDriveToolParams, GoogleDriveGetCon
   oauth: {
     required: true,
     provider: 'google-drive',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {
diff --git a/apps/sim/tools/google_drive/list.ts b/apps/sim/tools/google_drive/list.ts
index 34b43f2ee61..9fa24c6efe4 100644
--- a/apps/sim/tools/google_drive/list.ts
+++ b/apps/sim/tools/google_drive/list.ts
@@ -10,7 +10,10 @@ export const listTool: ToolConfig<GoogleDriveToolParams, GoogleDriveListResponse
   oauth: {
     required: true,
     provider: 'google-drive',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {
diff --git a/apps/sim/tools/google_drive/upload.ts b/apps/sim/tools/google_drive/upload.ts
index e2bd487f67c..7be10cce3b0 100644
--- a/apps/sim/tools/google_drive/upload.ts
+++ b/apps/sim/tools/google_drive/upload.ts
@@ -18,7 +18,10 @@ export const uploadTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUploadResp
   oauth: {
     required: true,
     provider: 'google-drive',
-    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
+    additionalScopes: [
+      'https://www.googleapis.com/auth/drive.readonly',
+      'https://www.googleapis.com/auth/drive.file',
+    ],
   },
 
   params: {