diff --git a/app/services/ci/create_pipeline_service.rb b/app/services/ci/create_pipeline_service.rb
index 7efea564ba6d73d47a96c806b807e6e11590b41b..a51c52b3f91a47aaa6b9a433b1c49c9a3b069cf0 100644
--- a/app/services/ci/create_pipeline_service.rb
+++ b/app/services/ci/create_pipeline_service.rb
@@ -23,6 +23,10 @@ module Ci
 return error('Insufficient permissions to create a new pipeline')
 end
+ unless trigger_request && trigger_request.trigger.owner
+ return error('Legacy trigger without a owner is not allowed')
+ end
+
 unless branch? || tag?
 return error('Reference not found')
 end
@@ -59,9 +63,7 @@ module Ci
 def triggering_user_allowed_for_ref?(trigger_request, ref)
 triggering_user = current_user || trigger_request.trigger.owner
- (triggering_user &&
- Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)) ||
- !project.protected_for?(ref)
+ Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)
 end
 def process!
diff --git a/spec/services/ci/create_pipeline_service_spec.rb b/spec/services/ci/create_pipeline_service_spec.rb
index 2616dcc6f0418af570944c6131fe116b268eed92..b8534a9d1aadb93e4b8023c784beb3f11a13eb89 100644
--- a/spec/services/ci/create_pipeline_service_spec.rb
+++ b/spec/services/ci/create_pipeline_service_spec.rb
@@ -409,5 +409,18 @@ describe Ci::CreatePipelineService, services: true do
 it_behaves_like 'when ref is protected'
 end
+
+ context 'when ref is not protected' do
+ context 'when trigger belongs to no one' do
+ let(:user) {}
+ let(:trigger_request) { create(:ci_trigger_request) }
+
+ it 'does not create a pipeline' do
+ expect(execute_service(trigger_request: trigger_request))
+ .not_to be_persisted
+ expect(Ci::Pipeline.count).to eq(0)
+ end
+ end
+ end
 end
 end
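Review bot: The new guard `unless trigger_request && trigger_request.trigger.owner` rejects every call where `trigger_request` is nil, not only ownerless legacy triggers, so a pipeline started by a signed-in user with no trigger would presumably fail with 'Legacy trigger without a owner is not allowed'. The `current_user || trigger_request.trigger.owner` fallback in `triggering_user_allowed_for_ref?` suggests that calls without a trigger are expected. Scoping the check to the trigger case keeps the fail-closed behaviour for ownerless triggers: `if trigger_request && !trigger_request.trigger.owner`. The guard also sits after the permission check, so it may be worth moving it first so that an ownerless trigger never reaches `allowed_to_create?` with a nil user. The enclosing method starts and ends outside the hunk.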
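Review bot: With the `triggering_user &&` guard gone, `Ci::Pipeline.allowed_to_create?` in `triggering_user_allowed_for_ref?` now receives a nil `triggering_user` whenever there is no current user and the trigger has no owner. Whether `allowed_to_create?` returns false or raises for nil is not visible in this diff, so an explicit deny is safer: `return false unless triggering_user`. A short comment such as `# Deny by default: every pipeline needs an accountable user, protected ref or not` would record why the unprotected-ref shortcut must not come back.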
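Review bot: The example 'does not create a pipeline' passes whichever guard rejects the request, so it does not show that the new 'Legacy trigger without a owner is not allowed' check is ever reached. With `user` nil, the earlier permission check may already return 'Insufficient permissions'. Asserting on the reported error would pin the intended path, assuming the returned pipeline exposes the message through `errors`, which should be confirmed against the service's `error` helper. A companion example for a user-created pipeline with no `trigger_request` on an unprotected ref would also protect against the owner check rejecting ordinary pipelines. The enclosing `describe` block starts outside the hunk.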