diff --git a/app/models/webhook.rb b/app/models/webhook.rb
index 1f77a90990..c798ed9574 100644
--- a/app/models/webhook.rb
+++ b/app/models/webhook.rb
@@ -53,7 +53,9 @@ class Webhook < ApplicationRecord
   end
 
   def required_permissions
-    events.map { |event| Webhook.permission_for_event(event) }
+    events
+      .map { |event| Webhook.permission_for_event(event) }
+      .uniq
   end
 
   def self.permission_for_event(event)
diff --git a/spec/models/webhook_spec.rb b/spec/models/webhook_spec.rb
index 3bce8c7931..aa0b5d7508 100644
--- a/spec/models/webhook_spec.rb
+++ b/spec/models/webhook_spec.rb
@@ -71,6 +71,22 @@ RSpec.describe Webhook do
     end
   end
 
+  describe '#required_permissions' do
+    subject { described_class.new(events:).required_permissions }
+
+    context 'with empty events' do
+      let(:events) { [] }
+
+      it { is_expected.to eq([]) }
+    end
+
+    context 'with multiple event types' do
+      let(:events) { %w(account.created account.updated status.created) }
+
+      it { is_expected.to eq %i(manage_users view_devops) }
+    end
+  end
+
   describe '#rotate_secret!' do
     it 'changes the secret' do
       expect { webhook.rotate_secret! }