diff --git a/datasette/views/database.py b/datasette/views/database.py
index 4eae9e33dc..961ab61e6e 100644
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@@ -134,21 +134,14 @@ async def data(
             params.pop("_shape")
 
         # Respect canned query permissions
+        await self.check_permission(request, "view-instance")
+        await self.check_permission(request, "view-database", "database", database)
         if canned_query:
-            await self.check_permission(request, "view-instance")
-            await self.check_permission(request, "view-database", "database", database)
             await self.check_permission(
                 request, "view-query", "query", (database, canned_query)
             )
-            # TODO: fix this to use that permission check
-            if not actor_matches_allow(
-                request.scope.get("actor", None), metadata.get("allow")
-            ):
-                return Response("Permission denied", status=403)
         else:
-            await self.check_permission(request, "view-instance")
-            await self.check_permission(request, "view-database", "database", database)
-            await self.check_permission(request, "execute-query", "database", database)
+            await self.check_permission(request, "execute-sql", "database", database)
         # Extract any :named parameters
         named_parameters = named_parameters or self.re_named_parameter.findall(sql)
         named_parameter_values = {
diff --git a/docs/authentication.rst b/docs/authentication.rst
index 7fa96b3579..ee8e7125c9 100644
--- a/docs/authentication.rst
+++ b/docs/authentication.rst
@@ -234,8 +234,8 @@ Actor is allowed to view a :ref:`canned query <canned_queries>` page, e.g. https
 
 .. _permissions_execute_query:
 
-execute-query
--------------
+execute-sql
+-----------
 
 Actor is allowed to run arbitrary SQL queries against a specific database, e.g. https://latest.datasette.io/fixtures?sql=select+100
 
diff --git a/tests/test_html.py b/tests/test_html.py
index b41c1943d8..ac7432d794 100644
--- a/tests/test_html.py
+++ b/tests/test_html.py
@@ -893,7 +893,7 @@ def test_database_query_permission_checks(app_client):
         [
             "view-instance",
             ("view-database", "database", "fixtures"),
-            ("execute-query", "database", "fixtures"),
+            ("execute-sql", "database", "fixtures"),
         ],
     )