diff --git a/.github/workflows/release-preview.yml b/.github/workflows/release-preview.yml
index 16aa9e5c5..c2e06a8b1 100644
--- a/.github/workflows/release-preview.yml
+++ b/.github/workflows/release-preview.yml
@@ -6,10 +6,26 @@ on:
 workflow_dispatch:

 jobs:
+ check:
+ # Check the user approving this pull request.
+ # They must have the write access to the repo
+ # to trigger the preview publish.
+ if: github.event.review.state == 'approved'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check permissions
+ id: checkPermissions
+ uses: actions-cool/check-user-permission@v2
+ with:
+ require: 'write'
+
+ - if: steps.checkPermissions.outputs.check-result == 'false'
+ run: exit 1
+
 preview:
- # Publish previews only for approved pull requests.
- # The reviewer must have push persmissions to trigger this job.
- if: github.event.review.state == 'approved' && github.event.review.user.permissions.push == true
+ # The approving user must pass the permissions check
+ # to trigger the preview publish.
+ needs: check
 runs-on: macos-latest
 steps:
 - name: Checkout
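Review bot: The permission gate in the new `check` job fails open, because its last step runs `exit 1` only when `check-result` is exactly the string 'false', so an empty or unset output lets `preview` go ahead and publish. As far as I recall from the action's README, the outcome of `require` is exposed as `require-result`, while `check-result` belongs to the bot/contributor checks; please confirm this against the version in use. Either way the comparison should deny by default, e.g. `- if: steps.checkPermissions.outputs.require-result != 'true'`. Since this third-party action now decides who may trigger a publish, `uses: actions-cool/check-user-permission@v2` would be safer pinned to a full commit SHA than to a movable tag. The `preview` job's steps continue outside the hunk, so what the publish itself checks out and runs is not visible here.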