diff --git a/app/graphql/types/branch_protections/push_access_level_type.rb b/app/graphql/types/branch_protections/push_access_level_type.rb
new file mode 100644
index 0000000000000000000000000000000000000000..bfbdc4edbea1d9e331e60a68a1d89b2604688fd9
--- /dev/null
+++ b/app/graphql/types/branch_protections/push_access_level_type.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Types
+  module BranchProtections
+    class PushAccessLevelType < BaseAccessLevelType # rubocop:disable Graphql/AuthorizeTypes
+      graphql_name 'PushAccessLevel'
+      description 'Represents the push access level of a branch protection.'
+      accepts ::ProtectedBranch::PushAccessLevel
+    end
+  end
+end
diff --git a/app/graphql/types/branch_rules/branch_protection_type.rb b/app/graphql/types/branch_rules/branch_protection_type.rb
index 02379dcf5582ff3ff6cad2f991bafd7268857b59..d475abb86659cf5e7c0d36fc9341b9efc1296f84 100644
--- a/app/graphql/types/branch_rules/branch_protection_type.rb
+++ b/app/graphql/types/branch_rules/branch_protection_type.rb
@@ -13,6 +13,11 @@ class BranchProtectionType < BaseObject
             null: true,
             description: 'Details about who can merge when this branch is the source branch.'
 
+      field :push_access_levels,
+            type: Types::BranchProtections::PushAccessLevelType.connection_type,
+            null: true,
+            description: 'Details about who can push when this branch is the source branch.'
+
       field :allow_force_push,
             type: GraphQL::Types::Boolean,
             null: false,
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index ebe922239c9e5d8f1b94c0d162d921bb14cb18b1..fd36ec083ad94ff3a004b9212bd6e368294ba638 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -8418,6 +8418,29 @@ The edge type for [`ProjectMember`](#projectmember).
 | <a id="projectmemberedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
 | <a id="projectmemberedgenode"></a>`node` | [`ProjectMember`](#projectmember) | The item at the end of the edge. |
 
+#### `PushAccessLevelConnection`
+
+The connection type for [`PushAccessLevel`](#pushaccesslevel).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pushaccesslevelconnectionedges"></a>`edges` | [`[PushAccessLevelEdge]`](#pushaccessleveledge) | A list of edges. |
+| <a id="pushaccesslevelconnectionnodes"></a>`nodes` | [`[PushAccessLevel]`](#pushaccesslevel) | A list of nodes. |
+| <a id="pushaccesslevelconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `PushAccessLevelEdge`
+
+The edge type for [`PushAccessLevel`](#pushaccesslevel).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pushaccessleveledgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| <a id="pushaccessleveledgenode"></a>`node` | [`PushAccessLevel`](#pushaccesslevel) | The item at the end of the edge. |
+
 #### `ReleaseAssetLinkConnection`
 
 The connection type for [`ReleaseAssetLink`](#releaseassetlink).
@@ -10107,6 +10130,7 @@ Branch protection details for a branch rule.
 | ---- | ---- | ----------- |
 | <a id="branchprotectionallowforcepush"></a>`allowForcePush` | [`Boolean!`](#boolean) | Toggle force push to the branch for users with write access. |
 | <a id="branchprotectionmergeaccesslevels"></a>`mergeAccessLevels` | [`MergeAccessLevelConnection`](#mergeaccesslevelconnection) | Details about who can merge when this branch is the source branch. (see [Connections](#connections)) |
+| <a id="branchprotectionpushaccesslevels"></a>`pushAccessLevels` | [`PushAccessLevelConnection`](#pushaccesslevelconnection) | Details about who can push when this branch is the source branch. (see [Connections](#connections)) |
 
 ### `BranchRule`
 
@@ -17109,6 +17133,17 @@ The alert condition for Prometheus.
 | <a id="prometheusalerthumanizedtext"></a>`humanizedText` | [`String!`](#string) | Human-readable text of the alert condition. |
 | <a id="prometheusalertid"></a>`id` | [`ID!`](#id) | ID of the alert condition. |
 
+### `PushAccessLevel`
+
+Represents the push access level of a branch protection.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pushaccesslevelaccesslevel"></a>`accessLevel` | [`Int!`](#int) | GitLab::Access level. |
+| <a id="pushaccesslevelaccessleveldescription"></a>`accessLevelDescription` | [`String!`](#string) | Human readable representation for this access level. |
+
 ### `PushRules`
 
 Represents rules that commit pushes must follow.
diff --git a/spec/graphql/types/branch_protection_type_spec.rb b/spec/graphql/types/branch_protection_type_spec.rb
index 5891df666c5e536a6811f4bc125132114d089020..40f6a852813da84efa784f634c417882e42a6aa1 100644
--- a/spec/graphql/types/branch_protection_type_spec.rb
+++ b/spec/graphql/types/branch_protection_type_spec.rb
@@ -5,7 +5,7 @@
 RSpec.describe GitlabSchema.types['BranchProtection'] do
   subject { described_class }
 
-  let(:fields) { %i[merge_access_levels allow_force_push] }
+  let(:fields) { %i[merge_access_levels push_access_levels allow_force_push] }
 
   specify { is_expected.to require_graphql_authorizations(:read_protected_branch) }
 
diff --git a/spec/graphql/types/branch_protections/push_access_level_type_spec.rb b/spec/graphql/types/branch_protections/push_access_level_type_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..c78c0bda74c9094510926c2330bde4b971059795
--- /dev/null
+++ b/spec/graphql/types/branch_protections/push_access_level_type_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['PushAccessLevel'] do
+  subject { described_class }
+
+  let(:fields) { %i[access_level access_level_description] }
+
+  specify { is_expected.to require_graphql_authorizations(:read_protected_branch) }
+
+  specify { is_expected.to have_graphql_fields(fields).at_least }
+end
diff --git a/spec/requests/api/graphql/project/branch_protections/push_access_levels_spec.rb b/spec/requests/api/graphql/project/branch_protections/push_access_levels_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..59f9c7d61cb2988e5c6b66542e1e0082a6d39db7
--- /dev/null
+++ b/spec/requests/api/graphql/project/branch_protections/push_access_levels_spec.rb
@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'getting push access levels for a branch protection' do
+  include GraphqlHelpers
+
+  let_it_be(:current_user) { create(:user) }
+
+  let(:push_access_level_data) { push_access_levels_data[0] }
+
+  let(:push_access_levels_data) do
+    graphql_data_at('project',
+                    'branchRules',
+                    'nodes',
+                    0,
+                    'branchProtection',
+                    'pushAccessLevels',
+                    'nodes')
+  end
+
+  let(:project) { protected_branch.project }
+
+  let(:push_access_levels_count) { protected_branch.push_access_levels.size }
+
+  let(:variables) { { path: project.full_path } }
+
+  let(:fields) { all_graphql_fields_for('PushAccessLevel'.classify) }
+
+  let(:query) do
+    <<~GQL
+    query($path: ID!) {
+      project(fullPath: $path) {
+        branchRules(first: 1) {
+          nodes {
+            branchProtection {
+              pushAccessLevels {
+                nodes {
+                  #{fields}
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+    GQL
+  end
+
+  context 'when the user does not have read_protected_branch abilities' do
+    let_it_be(:protected_branch) { create(:protected_branch) }
+
+    before do
+      project.add_guest(current_user)
+      post_graphql(query, current_user: current_user, variables: variables)
+    end
+
+    it_behaves_like 'a working graphql query'
+
+    it { expect(push_access_levels_data).not_to be_present }
+  end
+
+  shared_examples 'push access request' do
+    let(:push_access) { protected_branch.push_access_levels.first }
+
+    before do
+      project.add_maintainer(current_user)
+      post_graphql(query, current_user: current_user, variables: variables)
+    end
+
+    it_behaves_like 'a working graphql query'
+
+    it 'returns all push access levels' do
+      expect(push_access_levels_data.size).to eq(push_access_levels_count)
+    end
+
+    it 'includes access_level' do
+      expect(push_access_level_data['accessLevel'])
+        .to eq(push_access.access_level)
+    end
+
+    it 'includes access_level_description' do
+      expect(push_access_level_data['accessLevelDescription'])
+        .to eq(push_access.humanize)
+    end
+  end
+
+  context 'when the user does have read_protected_branch abilities' do
+    let(:push_access) { protected_branch.push_access_levels.first }
+
+    context 'when no one has access' do
+      let_it_be(:protected_branch) { create(:protected_branch, :no_one_can_push) }
+
+      it_behaves_like 'push access request'
+    end
+
+    context 'when developers have access' do
+      let_it_be(:protected_branch) { create(:protected_branch, :developers_can_push) }
+
+      it_behaves_like 'push access request'
+    end
+
+    context 'when maintainers have access' do
+      let_it_be(:protected_branch) { create(:protected_branch, :maintainers_can_push) }
+
+      it_behaves_like 'push access request'
+    end
+  end
+end