diff --git a/src/appengine/libs/access.py b/src/appengine/libs/access.py
index 60cb1e7508..25aba3e852 100644
--- a/src/appengine/libs/access.py
+++ b/src/appengine/libs/access.py
@@ -21,6 +21,7 @@
 from clusterfuzz._internal.datastore import data_handler
 from clusterfuzz._internal.google_cloud_utils import google_groups
 from clusterfuzz._internal.issue_management import issue_tracker_utils
+from clusterfuzz._internal.metrics import logs
 from libs import auth
 from libs import helpers
@@ -47,12 +48,16 @@ def _is_privileged_user(email):
 utils.is_service_account(privileged_group)):
 continue
- group_id = google_groups.get_group_id(privileged_group)
- if not group_id:
- continue
- if google_groups.check_transitive_group_membership(group_id, email):
- return True
+ try:
+ group_id = google_groups.get_group_id(privileged_group)
+ if not group_id:
+ continue
+ if google_groups.check_transitive_group_membership(group_id, email):
+ return True
+ except:
+ logs.error(f'Failed to check privileged group membership for {email}')
+ return False
 return False
diff --git a/src/clusterfuzz/_internal/tests/appengine/libs/access_test.py b/src/clusterfuzz/_internal/tests/appengine/libs/access_test.py
index d2709f31dc..05a708b0f8 100644
--- a/src/clusterfuzz/_internal/tests/appengine/libs/access_test.py
+++ b/src/clusterfuzz/_internal/tests/appengine/libs/access_test.py
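Review bot: The bare `except:` added in `_is_privileged_user` (src/appengine/libs/access.py) ends the whole loop with `return False`, so one failing lookup for a single privileged group denies the user even when a later entry in the list would have matched. Denying on error is the right default for an access check, but `except Exception:` followed by `continue` keeps that property for the failing group while still evaluating the remaining ones, and it no longer swallows `KeyboardInterrupt` or `SystemExit`. The log line would be easier to triage with the group in it, e.g. `logs.error(f'Failed to check membership of {email} in {privileged_group}')`. The loop header is outside this hunk, so what runs before the group lookup on each iteration is not visible here.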
@@ -138,6 +138,19 @@ def test_not_member_privileged_group(self):
 self.mock.check_transitive_group_membership.assert_called_with(
 1, 'usertest@google.com')
+ def test_not_member_google_group_exception(self):
+ """Test failed access if user not member of privileged group."""
+ self.mock.get_value.side_effect = self._get_value_mock
+ self.mock.get_identity_api.return_value = None
+ self.mock.get_group_id.return_value = 1
+ self.mock.check_transitive_group_membership.return_value = True
+ self.mock.check_transitive_group_membership.side_effect = Exception()
+ self.assertFalse(access._is_privileged_user('usertest@google.com'))
+ self.mock.get_group_id.assert_called_with('test@group.com')
+ self.mock.check_transitive_group_membership.assert_called_with(
+ 1, 'usertest@google.com')
 class IsDomainAllowedTest(unittest.TestCase):
 """Test _is_domain_allowed."""
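Review bot: The docstring of `test_not_member_google_group_exception` is copied from the neighbouring test and does not mention the exception path; `"""Test access is denied when the group membership lookup raises."""` would describe what is actually asserted. Assuming the entries on `self.mock` are standard `unittest.mock` objects, `check_transitive_group_membership.return_value = True` has no effect once `side_effect = Exception()` is set on the same mock, so that line can be dropped or given a comment saying it is there to show that the error path wins over a positive answer. Only a failure in `check_transitive_group_membership` is covered; a sibling case with `self.mock.get_group_id.side_effect = Exception()` would pin the other call inside the new `try`. The enclosing test class and its `setUp` start outside this hunk.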