diff --git a/.github/workflows/release-preview.yml b/.github/workflows/release-preview.yml
index 16aa9e5c5..6fa1d8dc8 100644
--- a/.github/workflows/release-preview.yml
+++ b/.github/workflows/release-preview.yml
@@ -6,10 +6,26 @@ on:
 workflow_dispatch:
 jobs:
+ check:
+ # Trigger the permissions check whenever someone approves a pull request.
+ # They must have the write permissions to the repo in order to
+ # trigger preview package publishing.
+ if: github.event.review.state == 'approved'
+ runs-on: ubuntu-latest
+ outputs:
+ has-permissions: ${{ steps.checkPermissions.outputs.require-result }}
+ steps:
+ - name: Check permissions
+ id: checkPermissions
+ uses: actions-cool/check-user-permission@v2
+ with:
+ require: 'write'
+
 preview:
- # Publish previews only for approved pull requests.
- # The reviewer must have push persmissions to trigger this job.
- if: github.event.review.state == 'approved' && github.event.review.user.permissions.push == true
+ # The approving user must pass the permissions check
+ # to trigger the preview publish.
+ needs: check
+ if: needs.check.outputs.has-permissions == 'true'
 runs-on: macos-latest
 steps:
 - name: Checkout
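Review bot: The new `check` job makes a third-party action the only authorization gate for preview publishing, yet `uses: actions-cool/check-user-permission@v2` references a mutable tag; pin it to a full commit SHA, e.g. `uses: actions-cool/check-user-permission@<full-commit-sha> # v2`, so a retagged release cannot change what `require-result` returns. The step also does not say whose permission is checked: it relies on the action's default user, which is presumably the actor of the run and not necessarily the approver, so consider naming the reviewer explicitly with `username: ${{ github.event.review.user.login }}` (confirm that input exists in the pinned version). A job-level `permissions:` block restricting the token for `check` to the read scopes the action needs would keep the gate itself least-privileged. The `preview` job's steps continue outside the hunk.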