diff --git a/app/graphql/types/ci/job_base_field.rb b/app/graphql/types/ci/job_base_field.rb
index f5bdd2260b554bbdd07cc5dc4144f6c30a3be18e..979f17484946f995320f4e02921a52db10e16b0e 100644
--- a/app/graphql/types/ci/job_base_field.rb
+++ b/app/graphql/types/ci/job_base_field.rb
@@ -7,7 +7,15 @@ module Ci
     # rubocop: disable Graphql/AuthorizeTypes
     class JobBaseField < ::Types::BaseField
       PUBLIC_FIELDS = %i[allow_failure duration id kind status created_at finished_at queued_at queued_duration
-        updated_at runner short_sha].freeze
+        updated_at runner].freeze
+
+      attr_accessor :if_unauthorized
+
+      def initialize(**kwargs, &block)
+        @if_unauthorized = kwargs.delete(:if_unauthorized)
+
+        super
+      end
 
       def authorized?(object, args, ctx)
         current_user = ctx[:current_user]
diff --git a/app/graphql/types/ci/job_type.rb b/app/graphql/types/ci/job_type.rb
index 976103e1510ac30d71869e30f2b7c070db3e864f..490ab397d468d03ca3aa3038e34ffb4e87b38abd 100644
--- a/app/graphql/types/ci/job_type.rb
+++ b/app/graphql/types/ci/job_type.rb
@@ -105,7 +105,8 @@ class JobType < BaseObject
       field :scheduling_type, GraphQL::Types::String, null: true,
                                                       description: 'Type of job scheduling. Value is `dag` if the job uses the `needs` keyword, and `stage` otherwise.'
       field :short_sha, type: GraphQL::Types::String, null: false,
-                        description: 'Short SHA1 ID of the commit.'
+                        description: 'Short SHA1 ID of the commit.',
+                        if_unauthorized: 'Unauthorized'
       field :stuck, GraphQL::Types::Boolean, null: false, method: :stuck?,
                                              description: 'Indicates the job is stuck.'
       field :trace, Types::Ci::JobTraceType, null: true,
diff --git a/spec/graphql/types/ci/job_base_field_spec.rb b/spec/graphql/types/ci/job_base_field_spec.rb
index e9b1407d249a5e1c1a4d12a31d94f76b62e5a47a..2d283ce854d7bc585f935f4ed7c9c698a3b95fb8 100644
--- a/spec/graphql/types/ci/job_base_field_spec.rb
+++ b/spec/graphql/types/ci/job_base_field_spec.rb
@@ -22,8 +22,7 @@
         using RSpec::Parameterized::TableSyntax
 
         where(:current_field_name) do
-          %i[allow_failure duration id kind status created_at finished_at queued_at queued_duration updated_at runner
-            short_sha]
+          %i[allow_failure duration id kind status created_at finished_at queued_at queued_duration updated_at runner]
         end
 
         with_them do
@@ -34,7 +33,7 @@
       end
 
       context 'with private field' do
-        let(:current_field_name) { 'private_field' }
+        let(:current_field_name) { 'short_sha' }
 
         context 'when permission is not allowed' do
           it 'returns false' do
diff --git a/spec/requests/api/graphql/ci/runner_spec.rb b/spec/requests/api/graphql/ci/runner_spec.rb
index 3d7020b03b7361d4275085d439ca8a3b65f93c87..388c284d83cf0b39c598357acde70996181a4dbb 100644
--- a/spec/requests/api/graphql/ci/runner_spec.rb
+++ b/spec/requests/api/graphql/ci/runner_spec.rb
@@ -411,7 +411,7 @@
               status: other_build.status.upcase,
               project: nil, tags: nil, web_path: nil,
               runner: a_graphql_entity_for(project_runner),
-              short_sha: other_build.short_sha, finished_at: other_build.finished_at&.iso8601,
+              short_sha: 'Unauthorized', finished_at: other_build.finished_at&.iso8601,
               duration: a_value_within(0.001).of(other_build.duration),
               queued_duration: a_value_within(0.001).of((other_build.started_at - other_build.queued_at).to_f)),
             a_graphql_entity_for(owned_build,