diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py
index 85d2153f01..690dca6817 100644
--- a/lms/djangoapps/instructor/permissions.py
+++ b/lms/djangoapps/instructor/permissions.py
@@ -5,8 +5,9 @@ Permissions for the instructor dashboard and associated actions
 from bridgekeeper import perms
 from courseware.rules import HasAccessRule
 
-
+ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entrance_exam'
 VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates'
 
 
+perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff')
 perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff')
diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py
index 216e4d320e..d430ebfce7 100644
--- a/lms/djangoapps/instructor/views/api.py
+++ b/lms/djangoapps/instructor/views/api.py
@@ -148,7 +148,11 @@ from .tools import (
     strip_if_string
 )
 
-from ..permissions import VIEW_ISSUED_CERTIFICATES
+from ..permissions import (
+    ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM,
+    VIEW_ISSUED_CERTIFICATES,
+)
+
 
 log = logging.getLogger(__name__)
 
@@ -3030,7 +3034,7 @@ def enable_certificate_generation(request, course_id=None):
 
 @ensure_csrf_cookie
 @cache_control(no_cache=True, no_store=True, must_revalidate=True)
-@require_level('staff')
+@require_course_permission(ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM)
 @require_POST
 def mark_student_can_skip_entrance_exam(request, course_id):
     """