diff --git a/persistence-service-v1/persistence-service-external-api-impl-v2/src/main/java/com/iqser/red/persistence/service/v2/external/api/impl/controller/ComponentControllerV2.java b/persistence-service-v1/persistence-service-external-api-impl-v2/src/main/java/com/iqser/red/persistence/service/v2/external/api/impl/controller/ComponentControllerV2.java index 3f3e12953..eed33943b 100644 --- a/persistence-service-v1/persistence-service-external-api-impl-v2/src/main/java/com/iqser/red/persistence/service/v2/external/api/impl/controller/ComponentControllerV2.java +++ b/persistence-service-v1/persistence-service-external-api-impl-v2/src/main/java/com/iqser/red/persistence/service/v2/external/api/impl/controller/ComponentControllerV2.java @@ -22,6 +22,7 @@ import com.iqser.red.service.persistence.service.v2.api.external.model.Component import com.iqser.red.service.persistence.service.v2.api.external.model.FileComponents; import com.iqser.red.service.persistence.service.v2.api.external.model.FileComponentsList; import com.iqser.red.service.persistence.service.v2.api.external.resource.ComponentResource; +import com.knecon.fforesight.keycloakcommons.security.KeycloakSecurity; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.AccessLevel; @@ -48,6 +49,7 @@ public class ComponentControllerV2 implements ComponentResource { @RequestParam(name = INCLUDE_DETAILS_PARAM, defaultValue = "false", required = false) boolean includeDetails) { dossierTemplatePersistenceService.checkDossierTemplateExistsOrElseThrow404(dossierTemplateId); + componentLogService.validateUserRoles(KeycloakSecurity.getUserId()); var componentLog = componentLogService.getComponentLog(dossierId, fileId, true); return componentMapper.toFileComponents(componentLog, dossierTemplateId, dossierId, fileId, fileStatusService.getFileName(fileId), includeDetails); 
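Review bot: The new role check runs after `checkDossierTemplateExistsOrElseThrow404`, so a caller who lacks the required roles still learns whether a dossier-template ID exists (404 versus the not-allowed response) before being rejected; the authorization step should be the first statement of the handler, i.e. move `componentLogService.validateUserRoles(KeycloakSecurity.getUserId());` above the existence check. The handler's signature starts before the hunk, so it is not visible whether the endpoint also carries a declarative guard such as `@PreAuthorize`; a per-call service check like this is easy to forget on sibling endpoints of the same controller that presumably expose the same component-log data, so it is worth checking those too. A one-line comment on the call, `// authorization: only RED_USER/RED_MANAGER may read component logs (see ApplicationRoles.VALID_MEMBER_ROLES)`, would record why the check lives here rather than in the security layer.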
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/roles/ApplicationRoles.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/roles/ApplicationRoles.java
index f53538221..8c966f94f 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/roles/ApplicationRoles.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/roles/ApplicationRoles.java
@@ -112,15 +112,11 @@ public final class ApplicationRoles {
 public static final String RED_ADMIN_ROLE = "RED_ADMIN";
 public static final String RED_USER_ADMIN_ROLE = "RED_USER_ADMIN";
+ public static final Set VALID_MEMBER_ROLES = Set.of(ApplicationRoles.RED_USER_ROLE, ApplicationRoles.RED_MANAGER_ROLE);
+
 public static final Set UNMAPPED_ACTION_ROLES = Sets.newHashSet(UNARCHIVE_DOSSIER, UPDATE_LICENSE, GET_RSS, USE_SUPPORT_CONTROLLER);
- public static final Set KNECON_ADMIN_ACTION_ROLES = Sets.newHashSet(READ_LICENSE,
- UPDATE_LICENSE,
- GET_TENANTS,
- CREATE_TENANT,
- READ_USERS,
- READ_ALL_USERS,
- WRITE_USERS,
+ public static final Set KNECON_ADMIN_ACTION_ROLES = Sets.newHashSet(READ_LICENSE, UPDATE_LICENSE, GET_TENANTS, CREATE_TENANT, READ_USERS, READ_ALL_USERS, WRITE_USERS,
 READ_SMTP_CONFIGURATION,
 WRITE_SMTP_CONFIGURATION,
 UNARCHIVE_DOSSIER,
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/ComponentLogService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/ComponentLogService.java
index 6e4800d01..696caab9d 100644
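Review bot: `VALID_MEMBER_ROLES` is introduced without any comment saying what it is valid for, and it leaves out `RED_ADMIN_ROLE` and `RED_USER_ADMIN_ROLE`, which are declared two lines above it; since ComponentLogService uses the set as an allow-list, an admin account that does not also hold RED_USER or RED_MANAGER will be denied the component log. If that is intended, record it in a Javadoc on the constant, e.g. `/** Roles allowed to read component logs; admin roles are intentionally not included. */`; if not, the admin roles need to be added to the set. A purpose-specific name such as `COMPONENT_LOG_READ_ROLES` would also discourage reuse of this set as a generic definition of "member". Using `Set.of` here is the right call — unlike the mutable `Sets.newHashSet` sets next to it, this allow-list cannot be altered at runtime.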
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/ComponentLogService.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/ComponentLogService.java
@@ -4,14 +4,19 @@ import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.stream.Collectors;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import com.iqser.red.service.persistence.management.v1.processor.entity.dossier.ComponentDefinitionEntity;
+import com.iqser.red.service.persistence.management.v1.processor.exception.NotAllowedException;
+import com.iqser.red.service.persistence.management.v1.processor.roles.ApplicationRoles;
 import com.iqser.red.service.persistence.management.v1.processor.service.persistence.AuditPersistenceService;
 import com.iqser.red.service.persistence.management.v1.processor.service.persistence.ComponentDefinitionPersistenceService;
+import com.iqser.red.service.persistence.management.v1.processor.service.users.UserService;
+import com.iqser.red.service.persistence.management.v1.processor.service.users.model.User;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.AuditCategory;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.analysislog.componentlog.ComponentLog;
 import com.iqser.red.service.persistence.service.v1.api.shared.model.analysislog.componentlog.ComponentLogEntry;
@@ -32,6 +37,7 @@ public class ComponentLogService {
 private final ComponentLogMongoService componentLogMongoService;
 private final AuditPersistenceService auditPersistenceService;
 private final ComponentDefinitionPersistenceService componentDefinitionPersistenceService;
+ private final UserService userService;
 public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
@@ -58,6 +64,19 @@ public class ComponentLogService {
 }
+ public void validateUserRoles(String userId) {
+
+ Optional userOptional = userService.getUserById(userId);
+ if (userOptional.isPresent()) {
+ if (userOptional.get().getRoles()
+ .stream()
+ .noneMatch(ApplicationRoles.VALID_MEMBER_ROLES::contains)) {
+ throw new NotAllowedException("User doesn't have appropriate roles");
+ }
+ }
+ }
+
+
 private ComponentLog sortComponentLogEntries(ComponentLog componentLog, List orderedNames) {
 List componentLogEntries = componentLog.getComponentLogEntries();
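Review bot: `validateUserRoles` fails open: when `userService.getUserById(userId)` returns an empty Optional (unknown or deleted user, or a null id from the caller) the method returns normally and the caller proceeds to read the component log, so an authenticated principal with no user record passes the role check. A missing user should be rejected exactly like a missing role, and since the `User` import is already added the Optional can be unwrapped with `orElseThrow` instead of the isPresent/get pair. The roles are taken from the user store rather than from the Keycloak token, so a role already removed from the token but still stored for the user would still pass — presumably the store is the source of truth here, worth confirming. The method also needs a Javadoc stating its contract, i.e. that it throws NotAllowedException unless the user exists and holds at least one of ApplicationRoles.VALID_MEMBER_ROLES.

```java
/**
 * Authorization guard for component-log access: throws NotAllowedException unless the
 * user exists and holds at least one of ApplicationRoles.VALID_MEMBER_ROLES.
 */
public void validateUserRoles(String userId) {
    // an absent user record is a denial, not a pass
    User user = userService.getUserById(userId)
            .orElseThrow(() -> new NotAllowedException("User doesn't have appropriate roles"));
    if (user.getRoles().stream().noneMatch(ApplicationRoles.VALID_MEMBER_ROLES::contains)) {
        throw new NotAllowedException("User doesn't have appropriate roles");
    }
}
```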