diff --git a/app/controllers/repository_columns_controller.rb b/app/controllers/repository_columns_controller.rb
index e8cf5c688..f346e45ed 100644
--- a/app/controllers/repository_columns_controller.rb
+++ b/app/controllers/repository_columns_controller.rb
@@ -3,7 +3,8 @@ class RepositoryColumnsController < ApplicationController
 before_action :load_vars, except: :create
 before_action :load_vars_nested, only: :create
- before_action :check_permissions
+ before_action :check_create_permissions, only: :create
+ before_action :check_update_and_delete_permissions, except: :create
 def create
 @repository_column = RepositoryColumn.new(repository_column_params)
@@ -106,10 +107,14 @@ class RepositoryColumnsController < ApplicationController
 render_404 unless @repository
 end
- def check_permissions
+ def check_create_permissions
 render_403 unless can_manage_repository_column?(@repository.team)
 end
+ def check_update_and_delete_permissions
+ render_403 unless can_update_or_delete_repository_column?(@repository_column)
+ end
+
 def repository_column_params
 params.require(:repository_column).permit(:name)
 end
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index ba542b496..24298fcb8 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -48,7 +48,7 @@ Canaid::Permissions.register_for(Team) do
 user.is_normal_user_or_admin_of_team?(team)
 end
- # create, update, delete repository column
+ # create repository column
 can :manage_repository_column do |user, team|
 user.is_normal_user_or_admin_of_team?(team)
 end
@@ -103,3 +103,10 @@ Canaid::Permissions.register_for(RepositoryRow) do
 can_manage_repository_rows?(user, repository_row.repository.team)
 end
 end
+
+Canaid::Permissions.register_for(RepositoryColumn) do
+ # update, delete repository column
+ can :update_or_delete_repository_column do |user, repository_column|
+ can_manage_repository_column?(user, repository_column.repository.team)
+ end
+end
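Review bot: The new `except: :create` filter reads `@repository_column`, so it is only correct while it stays declared below `load_vars`; that ordering dependency is undocumented. A comment above the two added filters would pin it, e.g. `# Keep below load_vars/load_vars_nested: the permission checks read @repository and @repository_column.` Using `except:` rather than an `only:` list is the safer shape, since an action added later falls under the update/delete check by default. `load_vars` is outside the hunk, so this assumes it halts the chain with a 404 when the column cannot be found.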
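Review bot: `check_update_and_delete_permissions` authorizes against the column's own repository, while `@repository` still comes from the route, and nothing visible in this hunk ties the two records together. `load_vars` lies outside the hunk; if it does not look the column up through `@repository.repository_columns`, the check should also require that they match, e.g. `render_403 unless @repository_column.repository == @repository && can_update_or_delete_repository_column?(@repository_column)`. Without that, the rest of the action could act on a repository different from the one that was authorized.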
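Review bot: `update_or_delete_repository_column` delegates straight to `can_manage_repository_column?` on the column's team, so update and delete are granted under exactly the rule that governs create; the split changes where the check is attached, not who passes it. If that is intended, the comment should say so, e.g. `# update, delete repository column (same rule as create for now; per-column hook)`. The chain `repository_column.repository.team` would also raise rather than deny for a column without a repository; presumably the schema prevents that, but it is worth confirming.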
diff --git a/app/views/repositories/_repository_table.html.erb b/app/views/repositories/_repository_table.html.erb index 23fd4daca..0542b9469 100644 --- a/app/views/repositories/_repository_table.html.erb +++ b/app/views/repositories/_repository_table.html.erb @@ -21,8 +21,8 @@ <%= t("repositories.table.added_by") %> <% repository.repository_columns.order(:id).each do |column| %> - <%= 'data-deletable' if can_manage_repository_column?(repository.team) %> + <%= 'data-editable' if can_update_or_delete_repository_column?(column) %> + <%= 'data-deletable' if can_update_or_delete_repository_column?(column) %> <%= "data-edit-url='#{edit_repository_repository_column_path(repository, column)}'" %> <%= "data-update-url='#{repository_repository_column_path(repository, column)}'" %> <%= "data-destroy-html-url='#{repository_columns_destroy_html_path(repository, column)}'" %>
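Review bot: Both added lines evaluate `can_update_or_delete_repository_column?(column)` separately for every column, and that permission walks `column.repository.team` each time. Evaluating it once per iteration and reusing the result, e.g. `<% can_change = can_update_or_delete_repository_column?(column) %>`, avoids the duplicate check and keeps the two attributes from drifting apart. These attributes only decide what the table offers in the UI, so enforcement still rests on the controller filters. The element the attributes belong to is not visible in the hunk as shown.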