diff --git a/roles/promote-container-image/tasks/main.yaml b/roles/promote-container-image/tasks/main.yaml
index 6c5d2886d..8bd84f584 100644
--- a/roles/promote-container-image/tasks/main.yaml
+++ b/roles/promote-container-image/tasks/main.yaml
@@ -8,6 +8,15 @@
   fail:
     msg: "{{ zj_image.registry }} credentials not found"
 
+- name: Verify repository permission
+  when: |
+    not zj_image.repository | regex_search(container_registry_credentials[zj_image.registry].repository)
+  loop: "{{ container_images }}"
+  loop_control:
+    loop_var: zj_image
+  fail:
+    msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.registry].repository }}"
+
 - name: Log in to registry
   no_log: true
   command: >-
diff --git a/roles/upload-container-image/tasks/main.yaml b/roles/upload-container-image/tasks/main.yaml
index 8faa20d03..a2cfa25ec 100644
--- a/roles/upload-container-image/tasks/main.yaml
+++ b/roles/upload-container-image/tasks/main.yaml
@@ -8,6 +8,15 @@
   fail:
     msg: "{{ zj_image.registry }} credentials not found"
 
+- name: Verify repository permission
+  when: |
+    not zj_image.repository | regex_search(container_registry_credentials[zj_image.registry].repository)
+  loop: "{{ container_images }}"
+  loop_control:
+    loop_var: zj_image
+  fail:
+    msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.registry].repository }}"
+
 - name: Upload image to container registry
   loop: "{{ container_images }}"
   loop_control: