diff --git a/backend/core/permissions.py b/backend/core/permissions.py
index 04bbe772d..8ea3d2db5 100644
--- a/backend/core/permissions.py
+++ b/backend/core/permissions.py
@@ -37,17 +37,15 @@ def has_object_permission(self, request: Request, view, obj):
             obj, "is_published", False
         ):
             return True
-        perm = Permission.objects.get(codename=_codename)
-        # special case of risk acceptance approval
-        if request.parser_context and request.parser_context[
-            "request"
-        ]._request.resolver_match.url_name in [
-            "risk-acceptances-accept",
-            "risk-acceptances-reject",
-            "risk-acceptances-revoke",
-        ]:
-            perm = Permission.objects.get(codename="approve_riskacceptance")
+        # Check for view action permission overrides
+        current_action = getattr(view, "action", None)
+
+        if current_action:
+            permission_overrides = getattr(view, "permission_overrides", {})
+            _codename = permission_overrides.get(current_action, _codename)
+
+        perm = Permission.objects.get(codename=_codename)
         return RoleAssignment.is_access_allowed(
             user=request.user,
diff --git a/backend/core/views.py b/backend/core/views.py
index a945810cb..c212f0fea 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1676,6 +1676,12 @@ class RiskAcceptanceViewSet(BaseModelViewSet):
     API endpoint that allows risk acceptance to be viewed or edited.
     """
 
+    permission_overrides = {
+        "accept": "approve_riskacceptance",
+        "reject": "approve_riskacceptance",
+        "revoke": "approve_riskacceptance",
+    }
+
     model = RiskAcceptance
     serializer_class = RiskAcceptanceWriteSerializer
     filterset_fields = ["folder", "state", "approver", "risk_scenarios"]
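Review bot: A misspelled or not-yet-migrated override codename now reaches `Permission.objects.get(codename=_codename)` unvalidated and fails with `Permission.DoesNotExist` (an unhandled 500) instead of a denial, and nothing in the hunk checks the values of `permission_overrides` before use. Because an override replaces the default codename outright, a view can also lower the bar for an action without any signal at the checking site, so the contract deserves a comment next to the lookup: `# An entry in view.permission_overrides replaces the default codename for that action outright; values must be existing Permission codenames.` If the companion `has_permission` derives its codename the same way (outside this hunk), it presumably needs the same override lookup, otherwise accept/reject/revoke are gated by a different permission at the view level than at the object level. `has_object_permission` starts and ends outside this hunk.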
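Review bot: `permission_overrides` is a bare class attribute with no comment saying that each value replaces, rather than adds to, the model permission normally required for that action, so a reader editing it cannot tell that `approve_riskacceptance` is the only permission consulted for accept/reject/revoke. A line above the dict would carry that: `# action name -> Permission codename checked instead of the default model permission (consumed by has_object_permission in core/permissions.py)`. The keys must match the action method names on this viewset exactly, which is worth stating too, since a mismatch silently falls back to the default codename.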