Currently, when the user generated an app password with 'pipeline:write' permission and the user was granted read permission via repository settings, the pipeline delete cache API returns a 404 not found error.

Actual:

HTTP 404 {"type": "error", "error": {"message": "Resource not found"}} 

Expected:

HTTP 403 {"type": "error", "error": {"message": "Permission denied"}} 

The suggestion is to improve and provide the correct response code in these scenarios.