diff --git a/db/versions/11292-tealChrysanthemum/00-firstScript.sql b/db/versions/11292-tealChrysanthemum/00-firstScript.sql
index b4162df63..798fc256c 100644
--- a/db/versions/11292-tealChrysanthemum/00-firstScript.sql
+++ b/db/versions/11292-tealChrysanthemum/00-firstScript.sql
@@ -2,5 +2,6 @@ INSERT INTO salix.ACL (model, property, accessType, permission, principalType, p
 	VALUES
 		('Route', 'getTickets', 'READ', 'ALLOW', 'ROLE', 'delivery'),
 		('AgencyTerm', 'filter', 'READ', 'ALLOW', 'ROLE', 'delivery'),
-		('Route', 'summary', 'READ', 'ALLOW', 'ROLE', 'delivery');
+		('Route', 'summary', 'READ', 'ALLOW', 'ROLE', 'delivery'),
+		('AgencyTerm', 'getRouteByAgency', 'READ', 'ALLOW', 'ROLE', 'delivery');
 
diff --git a/modules/route/back/methods/agency-term/filter.js b/modules/route/back/methods/agency-term/filter.js
index 4641bcea3..f60966649 100644
--- a/modules/route/back/methods/agency-term/filter.js
+++ b/modules/route/back/methods/agency-term/filter.js
@@ -73,9 +73,10 @@ module.exports = Self => {
         });
 
         filter = mergeFilters(ctx.args?.filter ?? {}, {where});
+        const getRouteByAgency = await models.ACL.checkAccessAcl(ctx, 'Route', 'getRouteByAgency', 'WRITE');
 
         const supplier = await Self.app.models.Supplier.isSupplier(ctx, myOptions);
-        if (supplier) {
+        if (supplier && getRouteByAgency) {
             if (!filter.where) filter.where = {};
             filter.where[`a.supplierFk`] = supplier.id;
         }