diff --git a/src/app/api/api_v1/endpoints/guidelines.py b/src/app/api/api_v1/endpoints/guidelines.py
index 19b7bc0..40feb7e 100644
--- a/src/app/api/api_v1/endpoints/guidelines.py
+++ b/src/app/api/api_v1/endpoints/guidelines.py
@@ -29,7 +29,7 @@ async def create_guideline(
     telemetry_client.capture(user.id, event="guideline-creation", properties={"repo_id": payload.repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(payload.repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     return await guidelines.create(GuidelineCreation(**payload.dict()))
 
 
@@ -65,7 +65,7 @@ async def update_guideline_content(
     telemetry_client.capture(user.id, event="guideline-content", properties={"repo_id": guideline.repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     return guideline
 
 
@@ -82,7 +82,7 @@ async def update_guideline_order(
     telemetry_client.capture(user.id, event="guideline-order", properties={"repo_id": guideline.repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     return guideline
 
 
@@ -98,5 +98,5 @@ async def delete_guideline(
     telemetry_client.capture(user.id, event="guideline-deletion", properties={"repo_id": guideline.repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     await guidelines.delete(guideline_id)
diff --git a/src/app/api/api_v1/endpoints/repos.py b/src/app/api/api_v1/endpoints/repos.py
index c36721f..8e34c3b 100644
--- a/src/app/api/api_v1/endpoints/repos.py
+++ b/src/app/api/api_v1/endpoints/repos.py
@@ -81,7 +81,7 @@ async def reorder_repo_guidelines(
             status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Guideline IDs for that repo don't match."
         )
     # Check if user is allowed
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     # Update all order
     return [
         await guidelines.update(guideline_id, OrderUpdate(order=order_idx, updated_at=datetime.utcnow()))
@@ -99,7 +99,7 @@ async def disable_repo(
     telemetry_client.capture(user.id, event="repo-disable", properties={"repo_id": repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     return await repos.update(repo_id, RepoUpdate(is_active=False))
 
 
@@ -113,7 +113,7 @@ async def enable_repo(
     telemetry_client.capture(user.id, event="repo-enable", properties={"repo_id": repo_id})
     # Check if user is allowed
     repo = cast(Repository, await repos.get(repo_id, strict=True))
-    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
+    gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
     return await repos.update(repo_id, RepoUpdate(is_active=True))
 
 
diff --git a/src/app/services/github.py b/src/app/services/github.py
index db1b163..25d1f6b 100644
--- a/src/app/services/github.py
+++ b/src/app/services/github.py
@@ -54,9 +54,18 @@ def get_permission(self, repo_name: str, user_name: str, github_token: str) -> s
         return self._get(f"repos/{repo_name}/collaborators/{user_name}/permission", github_token)["role_name"]
 
     def check_user_permission(
-        self, user: User, repo_full_name: str, repo_owner_id: int, github_token: Union[str, None]
+        self,
+        user: User,
+        repo_full_name: str,
+        repo_owner_id: int,
+        github_token: Union[str, None],
+        repo_installer_id: Union[int, None] = None,
     ) -> None:
-        if user.scope != UserScope.ADMIN and repo_owner_id != user.id:
+        if (
+            user.scope != UserScope.ADMIN
+            and repo_owner_id != user.id
+            and (not isinstance(repo_installer_id, int) or repo_installer_id != user.id)
+        ):
             if not isinstance(github_token, str):
                 raise HTTPException(
                     status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Expected `github_token` to check access."