diff --git a/src/common/utils/registry/auth/tokenauthorizer.go b/src/common/utils/registry/auth/tokenauthorizer.go
index 6a0812169..01435d807 100644
--- a/src/common/utils/registry/auth/tokenauthorizer.go
+++ b/src/common/utils/registry/auth/tokenauthorizer.go
@@ -164,7 +164,7 @@ func parseScopes(req *http.Request) ([]*token.ResourceActions, error) {
 		case http.MethodGet, http.MethodHead:
 			scope.Actions = []string{"pull"}
 		case http.MethodPost, http.MethodPut, http.MethodPatch:
-			scope.Actions = []string{"push"}
+			scope.Actions = []string{"pull", "push"}
 		case http.MethodDelete:
 			scope.Actions = []string{"*"}
 		default:
diff --git a/src/common/utils/registry/auth/tokenauthorizer_test.go b/src/common/utils/registry/auth/tokenauthorizer_test.go
index bf6615f81..5a564992d 100644
--- a/src/common/utils/registry/auth/tokenauthorizer_test.go
+++ b/src/common/utils/registry/auth/tokenauthorizer_test.go
@@ -116,10 +116,9 @@ func TestParseScopes(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(scopses))
 	assert.EqualValues(t, &token.ResourceActions{
-		Type: "repository",
-		Name: "library/mysql/5.6",
-		Actions: []string{
-			"push"},
+		Type:    "repository",
+		Name:    "library/mysql/5.6",
+		Actions: []string{"pull", "push"},
 	}, scopses[0])
 
 	// invalid