diff --git a/src/controllers/branch-controller.ts b/src/controllers/branch-controller.ts
index e8b23ae..0aa653e 100644
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@@ -151,7 +151,6 @@ export class BranchController extends Controller {
   @Get()
   @Security("keycloak")
   async getBranch(
-    @Request() req: RequestWithUser,
     @Query() zipCode?: string,
     @Query() filter?: "head" | "sub",
     @Query() headOfficeId?: string,
@@ -162,9 +161,6 @@ export class BranchController extends Controller {
   ) {
     const where = {
       AND: {
-        user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
-          ? { some: { userId: req.user.sub } }
-          : undefined,
         headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
         NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
       },
@@ -415,17 +411,15 @@ export class BranchController extends Controller {
       throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
     }
 
-    if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) {
-      if (
-        branch?.createdByUserId !== req.user.sub &&
-        !branch?.user.find((v) => v.userId === req.user.sub)
-      ) {
-        throw new HttpError(
-          HttpStatus.FORBIDDEN,
-          "You do not have permission to perform this action.",
-          "noPermission",
-        );
-      }
+    if (
+      !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) &&
+      !branch?.user.find((v) => v.userId === req.user.sub)
+    ) {
+      throw new HttpError(
+        HttpStatus.FORBIDDEN,
+        "You do not have permission to perform this action.",
+        "noPermission",
+      );
     }
 
     const record = await prisma.branch.update({
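Review bot: Removing the `user` condition from the `where` literal in getBranch (the second hunk) means the listing is no longer scoped for callers who lack the system/head_of_admin/admin role; anyone who passes the keycloak check now receives every branch matching the query, while the update path later in this file still restricts non-admins to branches they belong to. If that widening is intentional it deserves a comment on the `where` literal, e.g. `// intentionally unscoped: every authenticated user may list all branches`, so the asymmetry with the update guard reads as a decision rather than an oversight. Otherwise the `user: { some: { userId: req.user.sub } }` condition for non-admin callers should be kept, which also means restoring the `@Request() req: RequestWithUser` parameter removed in this hunk. getBranch's parameter list and body continue outside both hunks, so I cannot see whether `req` is still referenced elsewhere in the method.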
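Review bot: The rewritten guard drops the `branch?.createdByUserId !== req.user.sub` clause, so a non-admin who created the branch but is not listed in `branch.user` is now refused with 403 where the old code allowed the update; if that tightening is deliberate, a one-line comment above the `if` stating that membership is the only non-admin grant would keep it from reading as an accidental regression. The membership test is a boolean question and reads better as `!branch.user.some((v) => v.userId === req.user.sub)`, and the `branch?.` optional chain looks redundant given the not-found throw directly above, though that guard's condition is outside the hunk. Separately, if `req.user.role` is a string rather than an array, `role?.includes(v)` is a substring match and any role containing "admin" would satisfy the privileged check; worth confirming the declared type of `role` on RequestWithUser. The enclosing method starts and ends outside this hunk.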