diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts
index 4809244e0f..757abdc15a 100644
--- a/packages/server/src/api/routes/tests/permissions.spec.ts
+++ b/packages/server/src/api/routes/tests/permissions.spec.ts
@@ -122,15 +122,35 @@ describe("/permission", () => {
 
   describe("remove", () => {
     it("should be able to remove the permission", async () => {
-      const res = await request
-        .delete(`/api/permission/${STD_ROLE_ID}/${table._id}/read`)
-        .set(config.defaultHeaders())
-        .expect("Content-Type", /json/)
-        .expect(200)
+      const res = await config.api.permission.remove({
+        roleId: STD_ROLE_ID,
+        resourceId: table._id,
+        level: PermissionLevel.READ,
+      })
       expect(res.body[0]._id).toEqual(STD_ROLE_ID)
       const permsRes = await getTablePermissions()
       expect(permsRes.body[STD_ROLE_ID]).toBeUndefined()
     })
+
+    it("throw forbidden if the action is not allowed for the resource", async () => {
+      mockedSdk.resourceActionAllowed.mockResolvedValue({
+        allowed: false,
+        resourceType: DocumentType.DATASOURCE,
+        level: PermissionLevel.READ,
+      })
+
+      const response = await config.api.permission.remove(
+        {
+          roleId: STD_ROLE_ID,
+          resourceId: table._id,
+          level: PermissionLevel.EXECUTE,
+        },
+        { expectStatus: 403 }
+      )
+      expect(response.body.message).toEqual(
+        "You are not allowed to 'read' the resource type 'datasource'"
+      )
+    })
   })
 
   describe("check public user allowed", () => {
diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts
index 650cccacd2..d5fa6d50c6 100644
--- a/packages/server/src/tests/utilities/api/permission.ts
+++ b/packages/server/src/tests/utilities/api/permission.ts
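Review bot: The new forbidden test does not verify that the route consults the authorization check with the requested level: the mock is primed with `level: PermissionLevel.READ` while the request asks for `PermissionLevel.EXECUTE`, and the asserted message ("'read'") is echoed from the mock, so a route that passed the wrong level (or no level) to the SDK would still pass. Add at least `expect(mockedSdk.resourceActionAllowed).toHaveBeenCalledTimes(1)` after the request, and, matching whatever argument shape that SDK function takes, assert that the call carried the EXECUTE level and the table's resource id. The `mockResolvedValue` also persists into later tests unless a `beforeEach` outside this hunk resets it, which would silently turn the later "check public user allowed" cases into 403s; `mockResolvedValueOnce` would scope it to this test. The enclosing `describe("/permission")` starts and ends outside the hunk.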
@@ -22,4 +22,20 @@ export class PermissionAPI extends TestAPI {
       .expect(expectStatus)
     return res.body
   }
+
+  remove = async (
+    {
+      roleId,
+      resourceId,
+      level,
+    }: { roleId: string; resourceId: string; level: PermissionLevel },
+    { expectStatus } = { expectStatus: 200 }
+  ) => {
+    const res = await this.request
+      .delete(`/api/permission/${roleId}/${resourceId}/${level}`)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(expectStatus)
+    return res
+  }
 }
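Review bot: The options parameter `{ expectStatus } = { expectStatus: 200 }` only defaults when the whole second argument is omitted; a caller passing `{}` gets `expectStatus` undefined and `.expect(undefined)` no longer pins the status code, so a test that meant to assert 200 would pass on any response. Destructure with a field default instead, `{ expectStatus = 200 }: { expectStatus?: number } = {}`, which also gives the option an explicit type. Separately, `remove` returns the raw `res` while the sibling method just above it returns `res.body`, so callers of this helper class must remember which shape each method yields; a short TSDoc line on `remove` stating that it returns the full supertest response would at least make that visible. `PermissionAPI` starts outside the hunk.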