diff --git a/app/controllers/api/v1/comments_controller.rb b/app/controllers/api/v1/comments_controller.rb
index 7e500b664..52ddf88f5 100644
--- a/app/controllers/api/v1/comments_controller.rb
+++ b/app/controllers/api/v1/comments_controller.rb
@@ -8,7 +8,7 @@ module Api
 end
 before_action only: %i[create destroy] do
- require_access_token %w[interactions public:modify]
+ require_access_token %w[interactions public:read]
 end
 rescue_from ActiveRecord::RecordNotFound do
diff --git a/app/controllers/api/v1/likes_controller.rb b/app/controllers/api/v1/likes_controller.rb
index 30ee81149..d2d052f7f 100644
--- a/app/controllers/api/v1/likes_controller.rb
+++ b/app/controllers/api/v1/likes_controller.rb
@@ -31,7 +31,7 @@ module Api
 def create
 post = post_service.find!(params.require(:post_id))
- raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+ raise ActiveRecord::RecordInvalid unless post.public? || private_read?
 like_service.create(params[:post_id])
 rescue ActiveRecord::RecordInvalid => e
@@ -46,7 +46,7 @@ module Api
 def destroy
 post = post_service.find!(params.require(:post_id))
- raise ActiveRecord::RecordInvalid unless post.public? || private_modify?
+ raise ActiveRecord::RecordInvalid unless post.public? || private_read?
 success = like_service.unlike_post(params[:post_id])
 if success
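Review bot: In comments_controller.rb the `before_action` guarding `create` and `destroy` now lists a read scope (`public:read`) next to `interactions`, and this hunk does not show whether `require_access_token` treats the list as all-of or any-of. If it is any-of, a token granted only `public:read` would be allowed to create and delete comments, so the semantics should be confirmed and pinned with a request spec that rejects a `public:read`-only token on both actions. A comment above the call would make the intent reviewable, e.g. `# interactions authorises the write; public:read only limits which posts are reachable`. The enclosing class starts and ends outside the hunk.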
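Review bot: In likes_controller.rb `create` (and the identical line in the `destroy` hunk) the only scope check visible for a private post is `private_read?`, so the authority to write has to come from a check outside these hunks, presumably a `before_action` requiring `interactions`; that should be confirmed for both actions. A comment on the guard would record the split, e.g. `# write access comes from the interactions scope; private:read only gates visibility of the post`. The denial is also raised as `ActiveRecord::RecordInvalid`, the same class the `rescue` two lines below in `create` handles, so a token lacking scope and a genuinely invalid like look the same in responses and logs; a distinct error or an explicit log line on this branch would keep denied write attempts auditable. Both method bodies continue past their hunks.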