diff --git a/modules/claim/back/methods/claim/specs/updateClaim.spec.js b/modules/claim/back/methods/claim/specs/updateClaim.spec.js
index 8cab7a156..0222164ec 100644
--- a/modules/claim/back/methods/claim/specs/updateClaim.spec.js
+++ b/modules/claim/back/methods/claim/specs/updateClaim.spec.js
@@ -54,6 +54,7 @@ describe('Update Claim', () => {
         let data = {
             observation: 'valid observation',
             claimStateFk: correctState,
+            hasToPickUp: false
         };
         let ctx = {
             req: {
diff --git a/modules/claim/back/methods/claim/updateClaim.js b/modules/claim/back/methods/claim/updateClaim.js
index 62fb66803..de74c54e8 100644
--- a/modules/claim/back/methods/claim/updateClaim.js
+++ b/modules/claim/back/methods/claim/updateClaim.js
@@ -28,6 +28,8 @@ module.exports = Self => {
 
     Self.updateClaim = async(ctx, id, data) => {
         const models = Self.app.models;
+        const userId = ctx.req.accessToken.userId;
+
         const $t = ctx.req.__; // $translate
         const claim = await models.Claim.findById(id, {
             include: {
@@ -40,10 +42,12 @@ module.exports = Self => {
             }
         });
 
-        let canUpdate = await canChangeState(ctx, claim.claimStateFk);
-        let hasRights = await canChangeState(ctx, data.claimStateFk);
+        const canUpdate = await canChangeState(ctx, claim.claimStateFk);
+        const hasRights = await canChangeState(ctx, data.claimStateFk);
+        const isSalesAssistant = await models.Account.hasRole(userId, 'salesAssistant');
+        const changedHasToPickUp = claim.hasToPickUp != data.hasToPickUp;
 
-        if (!canUpdate || !hasRights)
+        if (!canUpdate || !hasRights || changedHasToPickUp && !isSalesAssistant)
             throw new UserError(`You don't have enough privileges to change that field`);
 
         const updatedClaim = await claim.updateAttributes(data);
diff --git a/modules/claim/front/basic-data/index.html b/modules/claim/front/basic-data/index.html
index 0f8bcc51f..710068196 100644
--- a/modules/claim/front/basic-data/index.html
+++ b/modules/claim/front/basic-data/index.html
@@ -56,7 +56,8 @@
         <vn-horizontal>
             <vn-check vn-one class="vn-mr-md"
                 label="Pick up"
-                ng-model="$ctrl.claim.hasToPickUp">
+                ng-model="$ctrl.claim.hasToPickUp"
+                vn-acl="salesAssistant">
             </vn-check>
         </vn-horizontal>
     </vn-card>
diff --git a/package-lock.json b/package-lock.json
index 4a597175a..4a34836a4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11410,9 +11410,9 @@
             }
         },
         "loopback-connector-mysql": {
-            "version": "5.4.2",
-            "resolved": "https://registry.npmjs.org/loopback-connector-mysql/-/loopback-connector-mysql-5.4.2.tgz",
-            "integrity": "sha512-f5iIIcJdfUuBUkScGcK7m4dLZnpjFjl1iFG5OHTk8pFwDq7+Xap/0H99ulueRp2ljfqbULTUvt3Rg1y/W5smtw==",
+            "version": "5.4.3",
+            "resolved": "https://registry.npmjs.org/loopback-connector-mysql/-/loopback-connector-mysql-5.4.3.tgz",
+            "integrity": "sha512-HQ0Nnscyhhk+4zsDhXyR8dYdkhxIBN8r8N1futX5xznWjCZ4dpkG5svoPOMUjoNaDEtZuLr1I2E4CKb6f5u9Mw==",
             "requires": {
                 "async": "^2.6.1",
                 "debug": "^3.1.0",
@@ -12231,14 +12231,35 @@
             }
         },
         "mysql": {
-            "version": "2.17.1",
-            "resolved": "https://registry.npmjs.org/mysql/-/mysql-2.17.1.tgz",
-            "integrity": "sha512-7vMqHQ673SAk5C8fOzTG2LpPcf3bNt0oL3sFpxPEEFp1mdlDcrLK0On7z8ZYKaaHrHwNcQ/MTUz7/oobZ2OyyA==",
+            "version": "2.18.1",
+            "resolved": "https://registry.npmjs.org/mysql/-/mysql-2.18.1.tgz",
+            "integrity": "sha512-Bca+gk2YWmqp2Uf6k5NFEurwY/0td0cpebAucFpY/3jhrwrVGuxU2uQFCHjU19SJfje0yQvi+rVWdq78hR5lig==",
             "requires": {
-                "bignumber.js": "7.2.1",
-                "readable-stream": "2.3.6",
+                "bignumber.js": "9.0.0",
+                "readable-stream": "2.3.7",
                 "safe-buffer": "5.1.2",
                 "sqlstring": "2.3.1"
+            },
+            "dependencies": {
+                "bignumber.js": {
+                    "version": "9.0.0",
+                    "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.0.0.tgz",
+                    "integrity": "sha512-t/OYhhJ2SD+YGBQcjY8GzzDHEk9f3nerxjtfa6tlMXfe7frs/WozhvCNoGvpM0P3bNf3Gq5ZRMlGr5f3r4/N8A=="
+                },
+                "readable-stream": {
+                    "version": "2.3.7",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
+                    "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                }
             }
         },
         "mysql2": {
diff --git a/package.json b/package.json
index 0195aaa9e..c24022e5e 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
         "loopback-boot": "^2.27.1",
         "loopback-component-explorer": "^6.5.0",
         "loopback-component-storage": "^3.6.1",
-        "loopback-connector-mysql": "^5.4.2",
+        "loopback-connector-mysql": "^5.4.3",
         "loopback-connector-remote": "^3.4.1",
         "loopback-context": "^3.4.0",
         "md5": "^2.2.1",