diff --git a/CHANGELOG b/CHANGELOG
index ef8c72f4aa2..3a61ce4c0d6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -20,6 +20,7 @@ v 8.10.2 (unreleased)
   - Disable MySQL foreign key checks before dropping all tables. !5472
   - Use project ID in repository cache to prevent stale data from persisting across projects. !5460
   - Ensure relative paths for video are rewritten as we do for images. !5474
+  - Ensure current user can retry a build before showing the 'Retry' button. !5476
 
 v 8.10.1
   - Refactor repository storages documentation. !5428
diff --git a/app/views/projects/builds/_sidebar.html.haml b/app/views/projects/builds/_sidebar.html.haml
index dc57b49f27a..b89183c40dc 100644
--- a/app/views/projects/builds/_sidebar.html.haml
+++ b/app/views/projects/builds/_sidebar.html.haml
@@ -40,7 +40,7 @@
   .block{ class: ("block-first" if !@build.coverage && !(can?(current_user, :read_build, @project) && (@build.artifacts? || @build.artifacts_expired?))) }
     .title
       Build details
-      - if @build.retryable?
+      - if can?(current_user, :update_build, @build) && @build.retryable?
         = link_to "Retry", retry_namespace_project_build_path(@project.namespace, @project, @build), class: 'pull-right', method: :post
     - if @build.merge_request
       %p.build-detail-row
diff --git a/spec/features/builds_spec.rb b/spec/features/builds_spec.rb
index cab3dc1d167..0cfeb2e57d8 100644
--- a/spec/features/builds_spec.rb
+++ b/spec/features/builds_spec.rb
@@ -199,9 +199,13 @@ describe "Builds" do
         click_link 'Retry'
       end
 
-      it { expect(page.status_code).to eq(200) }
-      it { expect(page).to have_content 'pending' }
-      it { expect(page).to have_content 'Cancel' }
+      it 'shows the right status and buttons' do
+        expect(page).to have_http_status(200)
+        expect(page).to have_content 'pending'
+        page.within('aside.right-sidebar') do
+          expect(page).to have_content 'Cancel'
+        end
+      end
     end
 
     context "Build from other project" do
@@ -212,7 +216,25 @@ describe "Builds" do
         page.driver.post(retry_namespace_project_build_path(@project.namespace, @project, @build2))
       end
 
-      it { expect(page.status_code).to eq(404) }
+      it { expect(page).to have_http_status(404) }
+    end
+
+    context "Build that current user is not allowed to retry" do
+      before do
+        @build.run!
+        @build.cancel!
+        @project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+
+        logout_direct
+        login_with(create(:user))
+        visit namespace_project_build_path(@project.namespace, @project, @build)
+      end
+
+      it 'does not show the Retry button' do
+        page.within('aside.right-sidebar') do
+          expect(page).not_to have_content 'Retry'
+        end
+      end
     end
   end