diff --git a/app/graphql/types/group_type.rb b/app/graphql/types/group_type.rb
index 5fd6ee948d3d7b1836ed3a7e7a94e4ae85f2997a..7b8192dd5dffeeab4591cc12e0ea235c09df3ed3 100644
--- a/app/graphql/types/group_type.rb
+++ b/app/graphql/types/group_type.rb
@@ -87,6 +87,7 @@ class GroupType < NamespaceType
           Types::Ci::GroupEnvironmentScopeType.connection_type,
           description: 'Environment scopes of the group.',
           null: true,
+          authorize: :admin_group,
           resolver: Resolvers::GroupEnvironmentScopesResolver
 
     field :milestones,
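Review bot: The `description:` of this field still reads 'Environment scopes of the group.' and does not tell API consumers that the field now resolves to null for callers without `admin_group`. Since the schema description is what clients see, I would extend it to something like `description: 'Environment scopes of the group. Returns null if the current user cannot administer the group.'`. The guard is attached to this field only, and `Resolvers::GroupEnvironmentScopesResolver` is not visible here, so confirm that the resolver is not mounted on another field without the same `authorize:` option. The field definition starts above the hunk, so its name line is not shown.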
diff --git a/spec/graphql/types/group_type_spec.rb b/spec/graphql/types/group_type_spec.rb
index 0fbf50fe258bc77807a8671ad3c9f33a9cd33a3c..b1226b89cfb0c75709341ce43ab301af9749f295 100644
--- a/spec/graphql/types/group_type_spec.rb
+++ b/spec/graphql/types/group_type_spec.rb
@@ -26,7 +26,7 @@
       dependency_proxy_image_prefix dependency_proxy_image_ttl_policy
       shared_runners_setting timelogs organization_state_counts organizations
       contact_state_counts contacts work_item_types
-      recent_issue_boards ci_variables releases
+      recent_issue_boards ci_variables releases environment_scopes
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)
diff --git a/spec/requests/api/graphql/ci/group_environment_scopes_spec.rb b/spec/requests/api/graphql/ci/group_environment_scopes_spec.rb
index 13a3a128979ff3440a2abd69d75bcec2eab2dadb..d224fdbdc326395d2747d5b1a922b924a2770d66 100644
--- a/spec/requests/api/graphql/ci/group_environment_scopes_spec.rb
+++ b/spec/requests/api/graphql/ci/group_environment_scopes_spec.rb
@@ -33,36 +33,55 @@
   end
 
   before do
-    group.add_developer(user)
     expected_environment_scopes.each_with_index do |env, index|
       create(:ci_group_variable, group: group, key: "var#{index + 1}", environment_scope: env)
     end
   end
 
-  context 'when query has no parameters' do
-    let(:environment_scopes_params) { "" }
+  context 'when the user can administer the group' do
+    before do
+      group.add_owner(user)
+    end
 
-    it 'returns all avaiable environment scopes' do
-      post_graphql(query, current_user: user)
+    context 'when query has no parameters' do
+      let(:environment_scopes_params) { "" }
 
-      expect(graphql_data.dig('group', 'environmentScopes', 'nodes')).to eq(
-        expected_environment_scopes.map { |env_scope| { 'name' => env_scope } }
-      )
+      it 'returns all avaiable environment scopes' do
+        post_graphql(query, current_user: user)
+
+        expect(graphql_data.dig('group', 'environmentScopes', 'nodes')).to eq(
+          expected_environment_scopes.map { |env_scope| { 'name' => env_scope } }
+        )
+      end
+    end
+
+    context 'when query has search parameters' do
+      let(:environment_scopes_params) { "(search: \"group1\")" }
+
+      it 'returns only environment scopes with group1 prefix' do
+        post_graphql(query, current_user: user)
+
+        expect(graphql_data.dig('group', 'environmentScopes', 'nodes')).to eq(
+          [
+            { 'name' => 'group1_environment1' },
+            { 'name' => 'group1_environment2' }
+          ]
+        )
+      end
     end
   end
 
-  context 'when query has search parameters' do
-    let(:environment_scopes_params) { "(search: \"group1\")" }
+  context 'when the user cannot administer the group' do
+    let(:environment_scopes_params) { "" }
+
+    before do
+      group.add_developer(user)
+    end
 
-    it 'returns only environment scopes with group1 prefix' do
+    it 'returns nothing' do
       post_graphql(query, current_user: user)
 
-      expect(graphql_data.dig('group', 'environmentScopes', 'nodes')).to eq(
-        [
-          { 'name' => 'group1_environment1' },
-          { 'name' => 'group1_environment2' }
-        ]
-      )
+      expect(graphql_data.dig('group', 'environmentScopes')).to be_nil
     end
   end
 end
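Review bot: The denied path in the 'when the user cannot administer the group' context is exercised only for a developer, so the boundary of the new `admin_group` check is not pinned down. A later policy change that grants the field to the next role up, or to unauthenticated callers, would still pass this spec. I would add a case using `group.add_maintainer(user)` (presumably the highest role without `admin_group`; confirm against the group policy) and one that calls `post_graphql(query, current_user: nil)`, both expecting `be_nil`. The denied case also runs only with empty `environment_scopes_params`; repeating it with the `(search: "group1")` argument would show that the search path is not authorized separately. Minor: the example name on the re-indented line still says 'avaiable' instead of 'available'.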