diff --git a/src/python/dm/ds_web_service/service/authSessionController.py b/src/python/dm/ds_web_service/service/authSessionController.py
index 6582f7420d325436f3870d7ceb6a221cb6949fb2..f33255a8fb85379b7feb973f795e18b7e48b6208 100755
--- a/src/python/dm/ds_web_service/service/authSessionController.py
+++ b/src/python/dm/ds_web_service/service/authSessionController.py
@@ -11,7 +11,7 @@ class AuthSessionController(DmSessionController):
         self.authSessionControllerImpl = AuthSessionControllerImpl()
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getAuthorizationPrincipal(self, username, **kwargs):
         if not len(username):
diff --git a/src/python/dm/ds_web_service/service/experimentSessionController.py b/src/python/dm/ds_web_service/service/experimentSessionController.py
index c9c583b2e952426b2e0af09937a79a03635f43cd..2fbf98ac96a9afd68f3caaea1511b0a2fd1c88f8 100755
--- a/src/python/dm/ds_web_service/service/experimentSessionController.py
+++ b/src/python/dm/ds_web_service/service/experimentSessionController.py
@@ -22,13 +22,13 @@ class ExperimentSessionController(DmSessionController):
         return self.listToJson(self.experimentSessionControllerImpl.getExperimentTypes())
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getExperiments(self, **kwargs):
         return self.listToJson(self.experimentSessionControllerImpl.getExperiments())
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getExperimentByName(self, name, **kwargs):
         response = self.experimentSessionControllerImpl.getExperimentByName(name).getFullJsonRep()
@@ -36,7 +36,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getExperimentById(self, id, **kwargs):
         response = self.experimentSessionControllerImpl.getExperimentByid(id).getFullJsonRep()
@@ -44,7 +44,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def addExperiment(self, **kwargs):
         name = kwargs.get('name')
@@ -62,7 +62,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def startExperiment(self, **kwargs):
         name = kwargs.get('name')
@@ -74,7 +74,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def stopExperiment(self, **kwargs):
         name = kwargs.get('name')
diff --git a/src/python/dm/ds_web_service/service/userInfoSessionController.py b/src/python/dm/ds_web_service/service/userInfoSessionController.py
index 984e5ba76fd990784caec442a95ef4ae75e15bb5..14e1d5e01c90799263975fcea8dbedbdb58a5202 100755
--- a/src/python/dm/ds_web_service/service/userInfoSessionController.py
+++ b/src/python/dm/ds_web_service/service/userInfoSessionController.py
@@ -11,13 +11,13 @@ class UserInfoSessionController(DmSessionController):
         self.userInfoSessionControllerImpl = UserInfoSessionControllerImpl()
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getUsers(self, **kwargs):
         return self.listToJson(self.userInfoSessionControllerImpl.getUsers())
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getUserById(self, id, **kwargs):
         if not id:
@@ -27,7 +27,7 @@ class UserInfoSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def getUserByUsername(self, username, **kwargs):
         if not len(username):