diff --git a/pkg/service/maps.go b/pkg/service/maps.go
index 40ea3de..9350424 100644
--- a/pkg/service/maps.go
+++ b/pkg/service/maps.go
@@ -80,6 +80,20 @@ func (svc *Service) GetMap(ctx context.Context, params api.GetMapParams) (*api.M
 //
 // GET /maps/{MapID}/location
 func (svc *Service) GetMapAssetLocation(ctx context.Context, params api.GetMapAssetLocationParams) (ok api.GetMapAssetLocationOK, err error) {
+	userInfo, success := ctx.Value("UserInfo").(UserInfoHandle)
+	if !success {
+		return ok, ErrUserInfo
+	}
+
+	has_role, err := userInfo.HasRoleMapDownload()
+	if err != nil {
+		return ok, err
+	}
+
+	if !has_role {
+		return ok, ErrPermissionDeniedNeedRoleMapDownload
+	}
+
 	// Ensure map exists in the db!
 	// This could otherwise be used to access any asset
 	_, err = svc.Maps.Get(ctx, &maps.IdMessage{