diff --git a/apps/ops/api/job.py b/apps/ops/api/job.py
index ae9748964..f473d9861 100644
--- a/apps/ops/api/job.py
+++ b/apps/ops/api/job.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.db.models import Count
 from django.db.transaction import atomic
 from rest_framework.views import APIView
@@ -30,6 +31,11 @@ class JobViewSet(OrgBulkModelViewSet):
     search_fields = ('name', 'comment')
     model = Job
 
+    def check_permissions(self, request):
+        if not settings.SECURITY_COMMAND_EXECUTION:
+            return self.permission_denied(request, "Command execution disabled")
+        return super().check_permissions(request)
+
     def allow_bulk_destroy(self, qs, filtered):
         return True