diff --git a/reports/tests/test_report_permissions.py b/reports/tests/test_report_permissions.py
new file mode 100644
index 000000000..5b2afc98a
--- /dev/null
+++ b/reports/tests/test_report_permissions.py
@@ -0,0 +1,27 @@
+import pytest
+
+from django.contrib.auth.models import Group, Permission
+from django.urls import reverse
+
+pytestmark = pytest.mark.django_db
+
+
+def test_can_only_view_report_with_relevant_permission(client, valid_user):
+    client.force_login(valid_user)
+    response = client.get(reverse("reports:index"))
+    assert response.status_code == 302
+
+    group = Group.objects.first()
+    for app_label, codename in [
+        ("reports", "view_report"),
+        ("reports", "view_report_index"),
+    ]:
+        group.permissions.add(
+            Permission.objects.get(
+                content_type__app_label=app_label,
+                codename=codename,
+            ),
+        )
+
+    valid_response = client.get(reverse("reports:index"))
+    assert valid_response.status_code == 200
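Review bot: Both permissions are granted in the loop before the second request, so the test passes whether `reports:index` requires `view_report`, `view_report_index`, or both; a view that checks only one of them would go unnoticed. If both are meant to be required, request the page after granting only `view_report` and assert it is still `302` before adding `view_report_index`. The first `assert response.status_code == 302` accepts any redirect, so also comparing `response.url` with the expected login or denied URL would tie it to the permission check. `Group.objects.first()` presumably returns a group that the `valid_user` fixture belongs to, which is not visible in this hunk; `group = valid_user.groups.first()` would make that dependency explicit.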