diff --git a/src/inspector_js_api.cc b/src/inspector_js_api.cc
index 0a2d9e2ec84b08..fec9de840ef59e 100644
--- a/src/inspector_js_api.cc
+++ b/src/inspector_js_api.cc
@@ -181,6 +181,9 @@ void SetConsoleExtensionInstaller(const FunctionCallbackInfo<Value>& info) {
 
 void CallAndPauseOnStart(const FunctionCallbackInfo<v8::Value>& args) {
   Environment* env = Environment::GetCurrent(args);
+  THROW_IF_INSUFFICIENT_PERMISSIONS(env,
+                                    permission::PermissionScope::kInspector,
+                                    "PauseOnNextJavascriptStatement");
   CHECK_GT(args.Length(), 1);
   CHECK(args[0]->IsFunction());
   SlicedArguments call_args(args, /* start */ 2);
diff --git a/test/fixtures/permission/inspector-brk.js b/test/fixtures/permission/inspector-brk.js
new file mode 100644
index 00000000000000..7cdea513a25c7e
--- /dev/null
+++ b/test/fixtures/permission/inspector-brk.js
@@ -0,0 +1 @@
+console.log('done');
\ No newline at end of file
diff --git a/test/parallel/test-permission-inspector-brk.js b/test/parallel/test-permission-inspector-brk.js
new file mode 100644
index 00000000000000..4392a305dda2fc
--- /dev/null
+++ b/test/parallel/test-permission-inspector-brk.js
@@ -0,0 +1,23 @@
+'use strict';
+
+const common = require('../common');
+const assert = require('assert');
+const { spawnSync } = require('child_process');
+const fixtures = require('../common/fixtures');
+const file = fixtures.path('permission', 'inspector-brk.js');
+
+common.skipIfWorker();
+common.skipIfInspectorDisabled();
+
+const { status, stderr } = spawnSync(
+  process.execPath,
+  [
+    '--experimental-permission',
+    '--allow-fs-read=*',
+    '--inspect-brk',
+    file,
+  ],
+);
+
+assert.strictEqual(status, 1);
+assert.match(stderr.toString(), /Error: Access to this API has been restricted/);