diff --git a/.changeset/quiet-countries-provide.md b/.changeset/quiet-countries-provide.md
new file mode 100644
index 0000000000000..0c8753aa381a1
--- /dev/null
+++ b/.changeset/quiet-countries-provide.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+New permission for testing push notifications
diff --git a/apps/meteor/app/authorization/server/constant/permissions.ts b/apps/meteor/app/authorization/server/constant/permissions.ts
index 7b5f1594e5c31..6efe99e14d0e4 100644
--- a/apps/meteor/app/authorization/server/constant/permissions.ts
+++ b/apps/meteor/app/authorization/server/constant/permissions.ts
@@ -212,6 +212,7 @@ export const permissions = [
 	{ _id: 'get-server-info', roles: ['admin'] },
 	{ _id: 'register-on-cloud', roles: ['admin'] },
 	{ _id: 'test-admin-options', roles: ['admin'] },
+	{ _id: 'test-push-notifications', roles: ['admin', 'user'] },
 	{ _id: 'sync-auth-services-users', roles: ['admin'] },
 	{ _id: 'restart-server', roles: ['admin'] },
 	{ _id: 'remove-slackbridge-links', roles: ['admin'] },
diff --git a/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json b/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json
index 782eeaad8d517..0bf407dab3687 100644
--- a/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -5025,7 +5025,9 @@
   "Test_Desktop_Notifications": "Test Desktop Notifications",
   "Test_LDAP_Search": "Test LDAP Search",
   "test-admin-options": "Test options on admin panel",
-  "test-admin-options_description": "Permission to test options on admin panel such as LDAP login and push notifications",
+  "test-admin-options_description": "Permission to test options on admin panel such as LDAP login.",
+  "test-push-notifications": "Test push notifications",
+  "test-push-notifications_description": "Permission to test push notifications",
   "Texts": "Texts",
   "Thank_you_for_your_feedback": "Thank you for your feedback",
   "The_application_name_is_required": "The application name is required",
diff --git a/apps/meteor/server/lib/pushConfig.ts b/apps/meteor/server/lib/pushConfig.ts
index d9c7191d2c55a..8bd1b49a4a5ff 100644
--- a/apps/meteor/server/lib/pushConfig.ts
+++ b/apps/meteor/server/lib/pushConfig.ts
@@ -4,6 +4,7 @@ import { Meteor } from 'meteor/meteor';
 
 import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission';
 import { getWorkspaceAccessToken } from '../../app/cloud/server';
+import { RateLimiter } from '../../app/lib/server/lib';
 import { Push } from '../../app/push/server';
 import { settings } from '../../app/settings/server';
 import { i18n } from './i18n';
@@ -25,7 +26,7 @@ Meteor.methods<ServerMethods>({
 			});
 		}
 
-		if (!(await hasPermissionAsync(user._id, 'test-admin-options'))) {
+		if (!(await hasPermissionAsync(user._id, 'test-push-notifications'))) {
 			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
 				method: 'push_test',
 			});
@@ -82,6 +83,10 @@ Meteor.methods<ServerMethods>({
 	},
 });
 
+RateLimiter.limitMethod('push_test', 1, 1000, {
+	userId: () => true,
+});
+
 settings.watch<boolean>('Push_enable', async (enabled) => {
 	if (!enabled) {
 		return;