diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index bbb0e3df500777b9c572df2ce5f33f5542fe8ecf..899603664389ab7a838b393cff4278576bfbad79 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -194,7 +194,9 @@ class ProjectPolicy < BasePolicy
   end
 
   with_scope :subject
-  condition(:model_registry_enabled) { Feature.enabled?(:model_registry, @subject) }
+  condition(:model_registry_enabled) do
+    Feature.enabled?(:model_registry, @subject) && @subject.feature_available?(:model_registry, @user)
+  end
 
   with_scope :subject
   condition(:resource_access_token_feature_available) do
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index fda889ff422b033dac04822ef73be2639b7affee..853aac9a7d4858b0bd62bff72358348c69b76b11 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -3321,37 +3321,46 @@ def permissions_abilities(role)
   end
 
   describe 'read_model_registry' do
-    let(:project_with_feature) { project }
-    let(:current_user) { owner }
-
-    before do
-      stub_feature_flags(model_registry: false)
-      stub_feature_flags(model_registry: project_with_feature) if project_with_feature
-    end
+    using RSpec::Parameterized::TableSyntax
 
-    context 'feature flag is enabled' do
-      specify { is_expected.to be_allowed(:read_model_registry) }
+    where(:feature_flag_enabled, :current_user, :access_level, :allowed) do
+      false | ref(:owner)      | Featurable::ENABLED  | false
+      true  | ref(:guest)      | Featurable::ENABLED  | true
+      true  | ref(:guest)      | Featurable::PRIVATE  | true
+      true  | ref(:guest)      | Featurable::DISABLED | false
+      true  | ref(:non_member) | Featurable::ENABLED  | true
+      true  | ref(:non_member) | Featurable::PRIVATE  | false
+      true  | ref(:non_member) | Featurable::DISABLED | false
     end
+    with_them do
+      before do
+        stub_feature_flags(model_registry: feature_flag_enabled)
+        project.project_feature.update!(model_registry_access_level: access_level)
+      end
 
-    context 'feature flag is disabled' do
-      let(:project_with_feature) { nil }
-
-      specify { is_expected.not_to be_allowed(:read_model_registry) }
+      if params[:allowed]
+        it { expect_allowed(:read_model_registry) }
+      else
+        it { expect_disallowed(:read_model_registry) }
+      end
     end
   end
 
   describe 'write_model_registry' do
     using RSpec::Parameterized::TableSyntax
 
-    where(:ff_model_registry_enabled, :current_user, :allowed) do
-      true  | ref(:reporter)   | true
-      true  | ref(:guest)      | false
-      false | ref(:owner)      | false
+    where(:feature_flag_enabled, :current_user, :access_level, :allowed) do
+      false | ref(:owner)      | Featurable::ENABLED  | false
+      true  | ref(:reporter)   | Featurable::ENABLED  | true
+      true  | ref(:reporter)   | Featurable::PRIVATE  | true
+      true  | ref(:reporter)   | Featurable::DISABLED | false
+      true  | ref(:guest)      | Featurable::ENABLED  | false
+      true  | ref(:non_member) | Featurable::ENABLED  | false
     end
     with_them do
       before do
-        stub_feature_flags(model_registry: false)
-        stub_feature_flags(model_registry: project) if ff_model_registry_enabled
+        stub_feature_flags(model_registry: feature_flag_enabled)
+        project.project_feature.update!(model_registry_access_level: access_level)
       end
 
       if params[:allowed]