diff --git a/src/common/api/base.go b/src/common/api/base.go
index 3446d5ff2..6d60cd896 100644
--- a/src/common/api/base.go
+++ b/src/common/api/base.go
@@ -61,9 +61,9 @@ func (b *BaseAPI) HandleUnauthorized() {
 }
 
 // HandleForbidden ...
-func (b *BaseAPI) HandleForbidden(username string) {
-	log.Infof("forbidden: %s", username)
-	b.RenderError(http.StatusForbidden, "")
+func (b *BaseAPI) HandleForbidden(text string) {
+	log.Infof("forbidden: %s", text)
+	b.RenderError(http.StatusForbidden, text)
 }
 
 // HandleBadRequest ...
diff --git a/src/core/api/repository.go b/src/core/api/repository.go
index ce67d4512..001a80704 100644
--- a/src/core/api/repository.go
+++ b/src/core/api/repository.go
@@ -480,14 +480,14 @@ func (ra *RepositoryAPI) Retag() {
 	// Check whether use has read permission to source project
 	if !ra.SecurityCtx.HasReadPerm(srcImage.Project) {
 		log.Errorf("user has no read permission to project '%s'", srcImage.Project)
-		ra.HandleForbidden(ra.SecurityCtx.GetUsername())
+		ra.HandleForbidden(fmt.Sprintf("%s has no read permission to project %s", ra.SecurityCtx.GetUsername(), srcImage.Project))
 		return
 	}
 
 	// Check whether user has write permission to target project
 	if !ra.SecurityCtx.HasWritePerm(project) {
 		log.Errorf("user has no write permission to project '%s'", project)
-		ra.HandleForbidden(ra.SecurityCtx.GetUsername())
+		ra.HandleForbidden(fmt.Sprintf("%s has no write permission to project %s", ra.SecurityCtx.GetUsername(), project))
 		return
 	}