diff --git a/auth/permissions.py b/auth/permissions.py
index abd0686..1a5b419 100644
--- a/auth/permissions.py
+++ b/auth/permissions.py
@@ -138,7 +138,7 @@ SERVICE_PERMISSION_LEVELS: Dict[str, List[Tuple[str, List[str]]]] = {
 # Levels not listed here (or services without entries) deny nothing.
 SERVICE_DENIED_ACTIONS: Dict[str, Dict[str, FrozenSet[str]]] = {
     "tasks": {
-        "manage": frozenset({"delete"}),
+        "manage": frozenset({"delete", "clear_completed"}),
     },
 }
 
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 764b49f..c1877f8 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -163,6 +163,14 @@ class TestIsActionDenied:
         set_permissions({"tasks": "manage"})
         assert is_action_denied("tasks", "move") is False
 
+    def test_tasks_manage_denies_clear_completed(self):
+        set_permissions({"tasks": "manage"})
+        assert is_action_denied("tasks", "clear_completed") is True
+
+    def test_tasks_full_allows_clear_completed(self):
+        set_permissions({"tasks": "full"})
+        assert is_action_denied("tasks", "clear_completed") is False
+
     def test_service_not_in_permissions_allows_all(self):
         set_permissions({"gmail": "readonly"})
         assert is_action_denied("tasks", "delete") is False