diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index b0818d1de6cf00ec79168e4230c2e4043612c7a4..cb746db6496f141100ead8514343d9ecd2ec3651 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -631,7 +631,6 @@ class ProjectPolicy < BasePolicy
 prevent :read_commit_status
 prevent :read_pipeline
 prevent :read_pipeline_schedule
- prevent(*create_read_update_admin_destroy(:release))
 prevent(*create_read_update_admin_destroy(:feature_flag))
 prevent(:admin_feature_flags_user_lists)
 end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 0ee9c24ee9b1ab593ba3425abb6d1dd8a3f9cb4f..14ac5f3c503ca98186b86e20b2c57d73c54f72b1 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -323,7 +323,7 @@ def set_access_level(access_level)
 :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
 :create_cluster, :read_cluster, :update_cluster, :admin_cluster,
 :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment,
- :destroy_release, :download_code, :build_download_code
+ :download_code, :build_download_code
 ]
 end
diff --git a/spec/requests/api/release/links_spec.rb b/spec/requests/api/release/links_spec.rb
index 57b2e0059296044b6b337bcfe1d40fefb62facc0..38166c5ce97bba1bfb7c9ca36052deb88a94a815 100644
--- a/spec/requests/api/release/links_spec.rb
+++ b/spec/requests/api/release/links_spec.rb
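Review bot: Dropping `prevent(*create_read_update_admin_destroy(:release))` from this rule in project_policy.rb leaves release abilities untied from whatever condition still prevents `:read_pipeline` and `:read_commit_status` here, and no replacement rule for the release abilities appears in the shown hunks. The rule's condition lies outside the hunk, but the removed 'repository is private' spec context suggests it is the repository-access check; if so, a project with a private repository and releases left enabled would now serve release data to non-members. Releases carry tag names, commit references and source-archive links, so it is worth confirming that those fields stay gated on `:download_code`, and stating the intent in a comment above the remaining lines, e.g. `# Releases are gated by releases_access_level, not by repository access`.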
@@ -81,24 +81,20 @@
 end
 context 'when project is public' do
- let(:project) { create(:project, :repository, :public) }
+ before do
+ project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+ end
 it 'allows the request' do
 get api("/projects/#{project.id}/releases/v0.1/assets/links", non_project_member)
 expect(response).to have_gitlab_http_status(:ok)
 end
- end
-
- context 'when project is public and the repository is private' do
- let(:project) { create(:project, :repository, :public, :repository_private) }
-
- it_behaves_like '403 response' do
- let(:request) { get api("/projects/#{project.id}/releases/v0.1/assets/links", non_project_member) }
- end
- context 'when the release does not exists' do
- let!(:release) {}
+ context 'and the releases are private' do
+ before do
+ project.project_feature.update!(releases_access_level: ProjectFeature::PRIVATE)
+ end
 it_behaves_like '403 response' do
 let(:request) { get api("/projects/#{project.id}/releases/v0.1/assets/links", non_project_member) }
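Review bot: The new 'and the releases are private' context only checks an existing release; the removed 'when the release does not exists' case, which set `let!(:release) {}` and still expected the '403 response', has no counterpart. Without it nothing pins that a non-member gets the same 403 for a missing release as for an existing one, so a later change could answer 404 and let outsiders tell which tags have releases. Re-adding that nested context under 'and the releases are private', with `let!(:release) {}` and the same `it_behaves_like '403 response'` request, would restore the check. The public-project-with-private-repository combination also loses its only expectation here, so the intended response for that case is now untested. The enclosing contexts close outside the hunk.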