diff --git a/modules/worker/back/methods/worker-dms/filter.js b/modules/worker/back/methods/worker-dms/filter.js
index 240a905d2..a6e5d67e7 100644
--- a/modules/worker/back/methods/worker-dms/filter.js
+++ b/modules/worker/back/methods/worker-dms/filter.js
@@ -1,5 +1,6 @@
 const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
 const {mergeFilters, mergeWhere} = require('vn-loopback/util/filter');
+const UserError = require('vn-loopback/util/user-error');
 module.exports = Self => {
 Self.remoteMethodCtx('filter', {
@@ -33,7 +34,10 @@ module.exports = Self => {
 const conn = Self.dataSource.connector;
 const userId = ctx.req.accessToken.userId;
 const models = Self.app.models;
+ const hasPrivs = await models.ACL.checkAccessAcl(ctx, 'WorkerDms', 'hasHighPrivs', '*');
+ if (!hasPrivs && userId !== id)
+ throw new UserError('You don\'t have enough privileges');
 // Get ids alloweds
 const account = await models.VnUser.findById(userId);
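Review bot: The ownership test `userId !== id` in the added guard of the second hunk is a strict comparison, so a worker can only read their own documents if `id` reaches the method with the same type as `ctx.req.accessToken.userId`; the argument declaration for `id` and the rest of the method body are outside this hunk, so that cannot be confirmed here. If `id` can arrive as a string, every non-privileged self-request is rejected; the check fails closed, so this would be an availability bug rather than a bypass. Assuming both ids are numeric, `if (!hasPrivs && Number(userId) !== Number(id))` removes the dependency on argument coercion. The two-line `if` would also be safer with braces, because an authorization guard is where a later added statement must not fall outside the condition. A spec in which a non-privileged user requests another worker's `id` would pin the behaviour; none is visible in this diff.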