diff --git a/src/Api/Controllers/GroupsController.cs b/src/Api/Controllers/GroupsController.cs
index 0ba2eeaf40..73fc9aebed 100644
--- a/src/Api/Controllers/GroupsController.cs
+++ b/src/Api/Controllers/GroupsController.cs
@@ -60,7 +60,8 @@ namespace Bit.Api.Controllers
 var orgIdGuid = new Guid(orgId);
 var canAccess = _currentContext.ManageGroups(orgIdGuid) ||
 _currentContext.ManageAssignedCollections(orgIdGuid) ||
- _currentContext.ManageAllCollections(orgIdGuid);
+ _currentContext.ManageAllCollections(orgIdGuid) ||
+ _currentContext.ManageUsers(orgIdGuid);
 if (!canAccess)
 {
diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs
index c00653a610..bbeb1c921f 100644
--- a/src/Api/Controllers/OrganizationUsersController.cs
+++ b/src/Api/Controllers/OrganizationUsersController.cs
@@ -59,7 +59,9 @@ namespace Bit.Api.Controllers
 public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
 {
 var orgGuidId = new Guid(orgId);
- if (!_currentContext.ManageAssignedCollections(orgGuidId) && !_currentContext.ManageGroups(orgGuidId))
+ if (!_currentContext.ManageAssignedCollections(orgGuidId) &&
+ !_currentContext.ManageGroups(orgGuidId) &&
+ !_currentContext.ManageUsers(orgGuidId))
 {
 throw new NotFoundException();
 }
@@ -75,7 +77,8 @@ namespace Bit.Api.Controllers
 public async Task<IEnumerable<string>> GetGroups(string orgId, string id)
 {
 var organizationUser = await _organizationUserRepository.GetByIdAsync(new Guid(id));
- if (organizationUser == null || !_currentContext.ManageGroups(organizationUser.OrganizationId))
+ if (organizationUser == null || (!_currentContext.ManageGroups(organizationUser.OrganizationId) &&
+ !_currentContext.ManageUsers(organizationUser.OrganizationId)))
 {
 throw new NotFoundException();
 }
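Review bot: The added `_currentContext.ManageUsers(orgIdGuid)` clause makes this `canAccess` expression one of three hand-maintained copies of the same permission rule (the other two are in the OrganizationUsersController hunks of this same commit), so the next permission that needs group visibility must be remembered in every copy or the controllers silently disagree on who may read group data. Because this is an authorization expansion rather than a refactor, a single helper on the context, e.g. `bool CanReadOrganizationGroups(Guid orgId)` (constructed name), called from all three sites would give the rule one definition and one place to test. A test asserting that a principal holding only ManageUsers is now admitted here while one holding none of the four permissions still hits the `NotFoundException` branch would pin the intended access change. The enclosing action method starts before and ends after this hunk, so it is not clear from here whether anything later in the method re-checks a narrower permission.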
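Review bot: The guard in `Get` is now a three-clause negated conjunction, which a reader has to invert mentally to see who is allowed in; the same applies to the nested `||`/`&&` with extra parentheses in the `GetGroups` hunk below. GroupsController in this same commit states the equivalent rule positively via a `canAccess` local, and matching that style here keeps the three authorization sites readable side by side: `var canAccess = _currentContext.ManageAssignedCollections(orgGuidId) ||`, `_currentContext.ManageGroups(orgGuidId) || _currentContext.ManageUsers(orgGuidId);`, then `if (!canAccess)`. Behaviour is identical; only the shape of the condition changes.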
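Review bot: In the `GetGroups` hunk the permission check is evaluated against `organizationUser.OrganizationId` (the stored owner), which is the safe reference point, but within the visible lines the route's `orgId` parameter is never compared to it, so a URL naming one organization can return group membership for a user that belongs to a different one as long as the caller holds ManageGroups or ManageUsers there. If the rest of the method (which continues past the hunk) does not already reconcile the two, tightening the guard is a one-line change: `if (organizationUser == null || organizationUser.OrganizationId != new Guid(orgId) || (!_currentContext.ManageGroups(organizationUser.OrganizationId) && !_currentContext.ManageUsers(organizationUser.OrganizationId)))`. That keeps the same `NotFoundException` response and avoids leaking whether the id exists under another organization.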