diff --git a/app/views/projects/settings/access_tokens/index.html.haml b/app/views/projects/settings/access_tokens/index.html.haml
index 150f1a8c5f780e3c87752388666120143420ac10..01f3e441eef50bf011051bf86a1c1ab1c40713a3 100644
--- a/app/views/projects/settings/access_tokens/index.html.haml
+++ b/app/views/projects/settings/access_tokens/index.html.haml
@@ -17,8 +17,9 @@
     - else
       = _('Project access token creation is disabled in this group. You can still use and manage existing tokens.')
       %p
-      - if current_user.can?(:admin_group, @project.group)
-        - group_settings_link = edit_group_path(@project.group)
+      - root_group = @project.group.root_ancestor
+      - if current_user.can?(:admin_group, root_group)
+        - group_settings_link = edit_group_path(root_group)
         - link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: group_settings_link }
         = _('You can enable project access token creation in %{link_start}group settings%{link_end}.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
 
diff --git a/changelogs/unreleased/sfang-fix-group-settings-link.yml b/changelogs/unreleased/sfang-fix-group-settings-link.yml
new file mode 100644
index 0000000000000000000000000000000000000000..57370c895aa3fa77ca3d6a7e2883844ad6a1f927
--- /dev/null
+++ b/changelogs/unreleased/sfang-fix-group-settings-link.yml
@@ -0,0 +1,5 @@
+---
+title: Fix project access token creation group settings link
+merge_request: 58686
+author:
+type: fixed
diff --git a/spec/features/projects/settings/access_tokens_spec.rb b/spec/features/projects/settings/access_tokens_spec.rb
index efa584764a9812203b7b226f711291bc0b2493bc..8083c851bb707f00ad04eaa7283c202ec7c1bd20 100644
--- a/spec/features/projects/settings/access_tokens_spec.rb
+++ b/spec/features/projects/settings/access_tokens_spec.rb
@@ -116,6 +116,22 @@ def created_project_access_token
           end
         end
 
+        context 'with nested groups' do
+          let(:subgroup) { create(:group, parent: group) }
+
+          context 'when user is not a top level group owner' do
+            before do
+              subgroup.add_owner(user)
+            end
+
+            it 'does not show group settings link' do
+              visit project_settings_access_tokens_path(project)
+
+              expect(page).not_to have_link('group settings', href: edit_group_path(group))
+            end
+          end
+        end
+
         context 'when user is a group owner' do
           before do
             group.add_owner(user)