diff --git a/services/api/src/resources/organization/resolvers.ts b/services/api/src/resources/organization/resolvers.ts
index 24945bd2d0..7d1401dcb9 100644
--- a/services/api/src/resources/organization/resolvers.ts
+++ b/services/api/src/resources/organization/resolvers.ts
@@ -385,7 +385,9 @@ export const getUserByEmailAndOrganizationId: ResolverFn = async (
 { email, organization},
 { sqlClientPool, models, hasPermission },
 ) => {
- await hasPermission('organization', 'viewUser', organization);
+ await hasPermission('organization', 'viewUser', {
+ organization: organization
+ });
 
 try {
 const user = await models.UserModel.loadUserByUsername(email);
diff --git a/services/api/src/resources/user/resolvers.ts b/services/api/src/resources/user/resolvers.ts
index 562402933a..2f4d42cb7e 100644
--- a/services/api/src/resources/user/resolvers.ts
+++ b/services/api/src/resources/user/resolvers.ts
@@ -233,9 +233,15 @@ export const addUserToOrganization: ResolverFn = async (
 owner: false,
 }
 if (owner) {
+ await hasPermission('organization', 'addOwner', {
+ organization: organization
+ });
 updateUser.owner = true
+ } else {
+ await hasPermission('organization', 'addViewer', {
+ organization: organization
+ });
 }
- await hasPermission('organization', 'addViewer')
 await models.UserModel.updateUser(updateUser);
 
 userActivityLogger(`User added a user to organization '${organizationData.name}'`, {
@@ -272,7 +278,9 @@ export const removeUserFromOrganization: ResolverFn = async (
 username: R.prop('email', userInput),
 });
 
- await hasPermission('organization', 'addOwner');
+ await hasPermission('organization', 'addOwner', {
+ organization: organization
+ });
 
 await models.UserModel.updateUser({
 id: user.id,
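Review bot: In `getUserByEmailAndOrganizationId` (organization/resolvers.ts) the `viewUser` check is now bound to `organization`, but the lookup that follows, `loadUserByUsername(email)`, takes only the email. The rest of the function is outside the hunk, so it is not visible whether the result is limited to members of that organization; if it is not, `viewUser` on one organization would return user records belonging to any other. I would confirm the membership filter exists and record the requirement above the lookup, e.g. `// result must be restricted to members of the checked organization before it is returned`.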
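Review bot: In `addUserToOrganization` (user/resolvers.ts) the new `else` branch authorises with `addViewer`, yet the record passed to `updateUser` carries `owner: false`, so a caller holding only `addViewer` may be able to demote an existing owner of the organization. Whether the target's current role is read earlier is not visible, because the function starts and ends outside the hunk. If demotion is not meant to be covered by `addViewer`, the non-owner branch should require `addOwner` when the target is currently an owner. A short comment on each branch stating which role changes the action permits would make the intent reviewable.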
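Review bot: In `removeUserFromOrganization` (user/resolvers.ts) the permission check still runs after the call that ends with `username: R.prop('email', userInput)`, which appears to load the target user. Now that the check needs only `organization`, it can move above that lookup so that an unauthorised caller gets the same denial whether or not the email exists. Removal is also gated on an action named `addOwner`; if that is intentional, say so next to the call, e.g. `// removing a user requires the same right as adding an owner`. The function body continues outside the hunk.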