diff --git a/CHANGELOG b/CHANGELOG
index ef8c72f4aa21c8928fe1247104cb3c9087985b8b..3a61ce4c0d630832d82bfeaa1481b5817ba06bf1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -20,6 +20,7 @@ v 8.10.2 (unreleased)
   - Disable MySQL foreign key checks before dropping all tables. !5472
   - Use project ID in repository cache to prevent stale data from persisting across projects. !5460
   - Ensure relative paths for video are rewritten as we do for images. !5474
+  - Ensure current user can retry a build before showing the 'Retry' button. !5476
 
 v 8.10.1
   - Refactor repository storages documentation. !5428
diff --git a/app/views/projects/builds/_sidebar.html.haml b/app/views/projects/builds/_sidebar.html.haml
index dc57b49f27a7386b45db0f36f663298c727f2d8f..b89183c40dce57d600ebd94d3d88248031d3516c 100644
--- a/app/views/projects/builds/_sidebar.html.haml
+++ b/app/views/projects/builds/_sidebar.html.haml
@@ -40,7 +40,7 @@
   .block{ class: ("block-first" if !@build.coverage && !(can?(current_user, :read_build, @project) && (@build.artifacts? || @build.artifacts_expired?))) }
     .title
       Build details
-      - if @build.retryable?
+      - if can?(current_user, :update_build, @build) && @build.retryable?
         = link_to "Retry", retry_namespace_project_build_path(@project.namespace, @project, @build), class: 'pull-right', method: :post
     - if @build.merge_request
       %p.build-detail-row
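Review bot: The `can?(current_user, :update_build, @build)` guard on the `- if` line only hides the Retry link; the POST endpoint behind `retry_namespace_project_build_path` is a separate code path, and its controller is not part of this diff. Please confirm that the retry action enforces the same `:update_build` ability server-side, since the new spec shows that a signed-in non-member can view the build page of a public project. That spec context asserts only that the button is absent, so a companion example that posts to the retry path as that user and expects the request to be refused would pin the server-side behaviour. A short HAML comment above the condition, e.g. `-# UI hint only; the retry action must authorize :update_build itself`, would keep a later reader from treating this check as the access control.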
diff --git a/spec/features/builds_spec.rb b/spec/features/builds_spec.rb
index cab3dc1d167c8672259767e2512d185a4dcff864..0cfeb2e57d8ebd32ef8cb8bec9b571b6f1b4e626 100644
--- a/spec/features/builds_spec.rb
+++ b/spec/features/builds_spec.rb
@@ -199,9 +199,13 @@
         click_link 'Retry'
       end
 
-      it { expect(page.status_code).to eq(200) }
-      it { expect(page).to have_content 'pending' }
-      it { expect(page).to have_content 'Cancel' }
+      it 'shows the right status and buttons' do
+        expect(page).to have_http_status(200)
+        expect(page).to have_content 'pending'
+        page.within('aside.right-sidebar') do
+          expect(page).to have_content 'Cancel'
+        end
+      end
     end
 
     context "Build from other project" do
@@ -212,7 +216,25 @@
         page.driver.post(retry_namespace_project_build_path(@project.namespace, @project, @build2))
       end
 
-      it { expect(page.status_code).to eq(404) }
+      it { expect(page).to have_http_status(404) }
+    end
+
+    context "Build that current user is not allowed to retry" do
+      before do
+        @build.run!
+        @build.cancel!
+        @project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+
+        logout_direct
+        login_with(create(:user))
+        visit namespace_project_build_path(@project.namespace, @project, @build)
+      end
+
+      it 'does not show the Retry button' do
+        page.within('aside.right-sidebar') do
+          expect(page).not_to have_content 'Retry'
+        end
+      end
     end
   end