diff --git a/src/lib/users/guards/has-roles.guard.ts b/src/lib/users/guards/has-roles.guard.ts
index 53227eb..e550e59 100644
--- a/src/lib/users/guards/has-roles.guard.ts
+++ b/src/lib/users/guards/has-roles.guard.ts
@@ -1,9 +1,10 @@
-import { CanActivateFn, Router } from '@angular/router';
+import { Router } from '@angular/router';
 import { inject } from '@angular/core';
 import { IqserUserService } from '../services/iqser-user.service';
 import { TenantsService } from '../../tenants';
+import { AsyncGuard } from '../../services';
 
-export function hasAnyRoleGuard(): CanActivateFn {
+export function doesNotHaveAnyRoleGuard(): AsyncGuard {
     return async () => {
         const router = inject(Router);
         const activeTenantId = inject(TenantsService).activeTenantId;
@@ -15,3 +16,16 @@ export function hasAnyRoleGuard(): CanActivateFn {
         return true;
     };
 }
+
+export function hasAnyRoleGuard(): AsyncGuard {
+    return async () => {
+        const router = inject(Router);
+        const activeTenantId = inject(TenantsService).activeTenantId;
+        const user = await inject(IqserUserService).loadCurrentUser();
+        if (!user?.hasAnyRole) {
+            await router.navigate([`/${activeTenantId}/auth-error`]);
+            return false;
+        }
+        return true;
+    };
+}