diff --git a/changelog/unreleased/enhancement-hide-versions-panel b/changelog/unreleased/enhancement-hide-versions-panel
new file mode 100644
index 00000000000..1163c7ea699
--- /dev/null
+++ b/changelog/unreleased/enhancement-hide-versions-panel
@@ -0,0 +1,6 @@
+Enhancement: Hide versions panel with insufficient permissions
+
+Users that have insufficient permissions to view file versions don't see the versions sidebar panel anymore. This currently affects regular share receivers, space viewers and space editors without the permission to view versions.
+
+https://github.com/owncloud/web/pull/11484
+https://github.com/owncloud/web/issues/11359
diff --git a/packages/web-app-files/src/composables/extensions/useFileSideBars.ts b/packages/web-app-files/src/composables/extensions/useFileSideBars.ts
index e255c12a705..27e0b6e1a70 100644
--- a/packages/web-app-files/src/composables/extensions/useFileSideBars.ts
+++ b/packages/web-app-files/src/composables/extensions/useFileSideBars.ts
@@ -20,15 +20,13 @@ import {
   SidebarPanelExtension,
   useIsFilesAppActive,
   useGetMatchingSpace,
-  useUserStore,
-  useCapabilityStore
+  useCapabilityStore,
+  useCanListVersions
 } from '@ownclouders/web-pkg'
 import {
-  isPersonalSpaceResource,
   isProjectSpaceResource,
   isShareResource,
   isShareSpaceResource,
-  isSpaceResource,
   SpaceResource
 } from '@ownclouders/web-client'
 import { Resource } from '@ownclouders/web-client'
@@ -44,7 +42,7 @@ export const useSideBarPanels = (): SidebarPanelExtension<SpaceResource, Resourc
   const { $gettext } = useGettext()
   const isFilesAppActive = useIsFilesAppActive()
   const { isPersonalSpaceRoot } = useGetMatchingSpace()
-  const userStore = useUserStore()
+  const { canListVersions } = useCanListVersions()
 
   return [
     {
@@ -268,23 +266,7 @@ export const useSideBarPanels = (): SidebarPanelExtension<SpaceResource, Resourc
           if (items?.length !== 1) {
             return false
           }
-          if (isProjectSpaceResource(items[0])) {
-            // project space roots don't support versions
-            return false
-          }
-
-          const userIsSpaceMember =
-            (isProjectSpaceResource(root) && root.isMember(userStore.user)) ||
-            (isPersonalSpaceResource(root) && root.isOwner(userStore.user))
-
-          if (
-            isLocationTrashActive(router, 'files-trash-generic') ||
-            !userIsSpaceMember ||
-            isSpaceResource(items[0])
-          ) {
-            return false
-          }
-          return items[0].type !== 'folder'
+          return canListVersions({ space: root, resource: items[0] })
         }
       }
     },
diff --git a/packages/web-client/src/helpers/share/types.ts b/packages/web-client/src/helpers/share/types.ts
index 66ea5a04f07..b7d84450864 100644
--- a/packages/web-client/src/helpers/share/types.ts
+++ b/packages/web-client/src/helpers/share/types.ts
@@ -11,9 +11,11 @@ export enum GraphSharePermission {
   readContent = 'libre.graph/driveItem/content/read',
   readChildren = 'libre.graph/driveItem/children/read',
   readDeleted = 'libre.graph/driveItem/deleted/read',
+  readVersions = 'libre.graph/driveItem/versions/read',
   updatePath = 'libre.graph/driveItem/path/update',
   updateDeleted = 'libre.graph/driveItem/deleted/update',
   updatePermissions = 'libre.graph/driveItem/permissions/update',
+  updateVersions = 'libre.graph/driveItem/versions/update',
   deleteStandard = 'libre.graph/driveItem/standard/delete',
   deleteDeleted = 'libre.graph/driveItem/deleted/delete',
   deletePermissions = 'libre.graph/driveItem/permissions/delete'
diff --git a/packages/web-client/src/helpers/space/functions.ts b/packages/web-client/src/helpers/space/functions.ts
index 0b600773ddd..c106aa2b830 100644
--- a/packages/web-client/src/helpers/space/functions.ts
+++ b/packages/web-client/src/helpers/space/functions.ts
@@ -8,6 +8,7 @@ import {
 } from '../resource'
 import {
   isPersonalSpaceResource,
+  isPublicSpaceResource,
   PublicSpaceResource,
   ShareSpaceResource,
   SpaceMember,
@@ -296,6 +297,12 @@ export function buildSpace(
         GraphSharePermission.deletePermissions
       )
     },
+    canListVersions: function ({ user }: { user?: User } = {}) {
+      if (isPersonalSpaceResource(this) && this.isOwner(user)) {
+        return true
+      }
+      return getPermissionsForSpaceMember(this, user).includes(GraphSharePermission.readVersions)
+    },
     canCreate: function () {
       return true
     },
@@ -325,6 +332,9 @@ export function buildSpace(
       return urlJoin(webDavTrashUrl, path)
     },
     isMember(user: User): boolean {
+      if (isPublicSpaceResource(this)) {
+        return false
+      }
       if (this.isOwner(user) || !!this.members[user.id]) {
         return true
       }
diff --git a/packages/web-client/src/helpers/space/types.ts b/packages/web-client/src/helpers/space/types.ts
index f656fad9727..64a819ecb32 100644
--- a/packages/web-client/src/helpers/space/types.ts
+++ b/packages/web-client/src/helpers/space/types.ts
@@ -42,6 +42,7 @@ export interface SpaceResource extends Resource {
   canRestore(args?: { user?: User; ability?: Ability }): boolean
   canDeleteFromTrashBin(args?: { user?: User }): boolean
   canRestoreFromTrashbin(args?: { user?: User }): boolean
+  canListVersions(args?: { user?: User }): boolean
 
   getWebDavUrl({ path }: { path: string }): string
   getWebDavTrashUrl({ path }: { path: string }): string
diff --git a/packages/web-pkg/src/components/SideBar/FileSideBar.vue b/packages/web-pkg/src/components/SideBar/FileSideBar.vue
index ebf5ae846df..6496a1cfbf8 100644
--- a/packages/web-pkg/src/components/SideBar/FileSideBar.vue
+++ b/packages/web-pkg/src/components/SideBar/FileSideBar.vue
@@ -52,7 +52,8 @@ import {
   useResourcesStore,
   useUserStore,
   useConfigStore,
-  useAppsStore
+  useAppsStore,
+  useCanListVersions
 } from '../../composables'
 import {
   isProjectSpaceResource,
@@ -60,8 +61,6 @@ import {
   Resource,
   ShareRole,
   call,
-  isSpaceResource,
-  isPersonalSpaceResource,
   isCollaboratorShare,
   isLinkShare
 } from '@ownclouders/web-client'
@@ -98,6 +97,7 @@ export default defineComponent({
     const userStore = useUserStore()
     const configStore = useConfigStore()
     const appsStore = useAppsStore()
+    const { canListVersions } = useCanListVersions()
 
     const resourcesStore = useResourcesStore()
     const { currentFolder } = storeToRefs(resourcesStore)
@@ -175,12 +175,6 @@ export default defineComponent({
       return unref(isShareLocation) || unref(isSearchLocation) || unref(isFavoritesLocation)
     })
 
-    const userIsSpaceMember = computed(
-      () =>
-        (isProjectSpaceResource(props.space) && props.space.isMember(userStore.user)) ||
-        (isPersonalSpaceResource(props.space) && props.space.isOwner(userStore.user))
-    )
-
     const availablePanels = computed(() =>
       extensionRegistry
         .requestExtensions<SidebarPanelExtension<SpaceResource, Resource, Resource>>({
@@ -303,17 +297,14 @@ export default defineComponent({
           loadVersionsTask.cancelAll()
         }
 
-        if (
-          !resource.isFolder &&
-          !isSpaceResource(resource) &&
-          unref(userIsSpaceMember) &&
-          !unref(isTrashLocation)
-        ) {
-          try {
-            await loadVersionsTask.perform(resource)
-          } catch (e) {
-            console.error(e)
-          }
+        if (!canListVersions({ space: props.space, resource })) {
+          return
+        }
+
+        try {
+          await loadVersionsTask.perform(resource)
+        } catch (e) {
+          console.error(e)
         }
       },
       { immediate: true, deep: true }
@@ -339,7 +330,7 @@ export default defineComponent({
         }
 
         isMetaDataLoading.value = true
-        if (unref(userIsSpaceMember) && !unref(isTrashLocation)) {
+        if (props.space?.isMember(userStore.user) && !unref(isTrashLocation)) {
           try {
             if (loadSharesTask.isRunning) {
               loadSharesTask.cancelAll()
diff --git a/packages/web-pkg/src/composables/resources/index.ts b/packages/web-pkg/src/composables/resources/index.ts
index 5e0299793b9..f2026f80f6e 100644
--- a/packages/web-pkg/src/composables/resources/index.ts
+++ b/packages/web-pkg/src/composables/resources/index.ts
@@ -1,3 +1,4 @@
 export * from './useCanBeOpenedWithSecureView'
+export * from './useCanListVersions'
 export * from './useGetResourceContext'
 export * from './useResourceContents'
diff --git a/packages/web-pkg/src/composables/resources/useCanListVersions.ts b/packages/web-pkg/src/composables/resources/useCanListVersions.ts
new file mode 100644
index 00000000000..730d5351bba
--- /dev/null
+++ b/packages/web-pkg/src/composables/resources/useCanListVersions.ts
@@ -0,0 +1,26 @@
+import { useUserStore } from '../piniaStores'
+import { isSpaceResource, isTrashResource, Resource, SpaceResource } from '@ownclouders/web-client'
+
+export const useCanListVersions = () => {
+  const userStore = useUserStore()
+
+  const canListVersions = ({ space, resource }: { space: SpaceResource; resource: Resource }) => {
+    if (resource.type === 'folder') {
+      return false
+    }
+    if (isSpaceResource(resource)) {
+      return false
+    }
+    if (isTrashResource(resource)) {
+      return false
+    }
+    if (!space.canListVersions({ user: userStore.user })) {
+      return false
+    }
+    return true
+  }
+
+  return {
+    canListVersions
+  }
+}
diff --git a/packages/web-pkg/tests/unit/components/sidebar/FileSideBar.spec.ts b/packages/web-pkg/tests/unit/components/sidebar/FileSideBar.spec.ts
index 405d9110f31..d9100998add 100644
--- a/packages/web-pkg/tests/unit/components/sidebar/FileSideBar.spec.ts
+++ b/packages/web-pkg/tests/unit/components/sidebar/FileSideBar.spec.ts
@@ -24,6 +24,9 @@ const InnerSideBarComponent = defineComponent({
 })
 
 vi.mock('../../../../src/composables/selection', () => ({ useSelectedResources: vi.fn() }))
+vi.mock('../../../../src/composables/resources/useCanListVersions', () => ({
+  useCanListVersions: () => ({ canListVersions: vi.fn() })
+}))
 
 const selectors = {
   sideBar: '.files-side-bar',
diff --git a/packages/web-pkg/tests/unit/composables/resources/useCanListVersions.spec.ts b/packages/web-pkg/tests/unit/composables/resources/useCanListVersions.spec.ts
new file mode 100644
index 00000000000..2387c342f7f
--- /dev/null
+++ b/packages/web-pkg/tests/unit/composables/resources/useCanListVersions.spec.ts
@@ -0,0 +1,72 @@
+import { getComposableWrapper } from 'web-test-helpers'
+import { mock } from 'vitest-mock-extended'
+import { Resource, SpaceResource, TrashResource } from '@ownclouders/web-client'
+import { useCanListVersions } from '../../../../src/composables/resources'
+
+describe('useCanListVersions', () => {
+  describe('canListVersions', () => {
+    it('returns true for files when user has sufficient permissions in space', () => {
+      getWrapper({
+        setup: ({ canListVersions }) => {
+          const space = mock<SpaceResource>({ canListVersions: () => true })
+          const resource = mock<Resource>({ type: 'file' })
+          const canList = canListVersions({ space, resource })
+          expect(canList).toBeTruthy()
+        }
+      })
+    })
+    it('returns false for folders', () => {
+      getWrapper({
+        setup: ({ canListVersions }) => {
+          const space = mock<SpaceResource>({ canListVersions: () => true })
+          const resource = mock<Resource>({ type: 'folder' })
+          const canList = canListVersions({ space, resource })
+          expect(canList).toBeFalsy()
+        }
+      })
+    })
+    it('returns false for space resources', () => {
+      getWrapper({
+        setup: ({ canListVersions }) => {
+          const space = mock<SpaceResource>({ canListVersions: () => true })
+          const resource = mock<SpaceResource>({ type: 'space' })
+          const canList = canListVersions({ space, resource })
+          expect(canList).toBeFalsy()
+        }
+      })
+    })
+    it('returns false for trash resources', () => {
+      getWrapper({
+        setup: ({ canListVersions }) => {
+          const space = mock<SpaceResource>({ canListVersions: () => true })
+          const resource = mock<TrashResource>({ type: 'file', ddate: '' })
+          const canList = canListVersions({ space, resource })
+          expect(canList).toBeFalsy()
+        }
+      })
+    })
+    it('returns false when user does not have sufficient permissions in space', () => {
+      getWrapper({
+        setup: ({ canListVersions }) => {
+          const space = mock<SpaceResource>({ canListVersions: () => false })
+          const resource = mock<Resource>({ type: 'file' })
+          const canList = canListVersions({ space, resource })
+          expect(canList).toBeFalsy()
+        }
+      })
+    })
+  })
+})
+
+function getWrapper({
+  setup
+}: {
+  setup: (instance: ReturnType<typeof useCanListVersions>) => void
+}) {
+  return {
+    wrapper: getComposableWrapper(() => {
+      const instance = useCanListVersions()
+      setup(instance)
+    })
+  }
+}
diff --git a/tests/e2e/cucumber/features/spaces/project.feature b/tests/e2e/cucumber/features/spaces/project.feature
index a7f378fa8d4..115c44cb05b 100644
--- a/tests/e2e/cucumber/features/spaces/project.feature
+++ b/tests/e2e/cucumber/features/spaces/project.feature
@@ -152,7 +152,7 @@ Feature: spaces.personal
 
     When "Carol" logs in
     And "Carol" navigates to the project space "team.1"
-    And "Carol" should not see the version of the file
+    And "Carol" should not see the version panel for the file
       | resource     | to     |
       | textfile.txt | parent |
     And "Carol" logs out