diff --git a/CHANGES/509.bugfix b/CHANGES/509.bugfix
new file mode 100644
index 000000000..f9128bde4
--- /dev/null
+++ b/CHANGES/509.bugfix
@@ -0,0 +1 @@
+Account for case when token's scope does not contain type/resource/action.
diff --git a/pulp_container/app/authorization.py b/pulp_container/app/authorization.py
index f3581e14f..e44421432 100644
--- a/pulp_container/app/authorization.py
+++ b/pulp_container/app/authorization.py
@@ -133,7 +133,7 @@ def determine_access(self):
                 endpoint.
 
         """
-        if not self.scope:
+        if not self.scope or self.scope.count(":") != 2:
             return []
 
         typ, name, actions = self.scope.split(":")