diff --git a/BMA.EHR.Placement.Service/Controllers/PlacementController.cs b/BMA.EHR.Placement.Service/Controllers/PlacementController.cs
index 1a9260ef..51a09094 100644
--- a/BMA.EHR.Placement.Service/Controllers/PlacementController.cs
+++ b/BMA.EHR.Placement.Service/Controllers/PlacementController.cs
@@ -64,7 +64,7 @@ namespace BMA.EHR.Placement.Service.Controllers
 private string? UserId => _httpContextAccessor?.HttpContext?.User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
 private string? FullName => _httpContextAccessor?.HttpContext?.User?.FindFirst("name")?.Value;
 private string? token => _httpContextAccessor.HttpContext.Request.Headers["Authorization"];
- private bool isSuperAdmin => _httpContextAccessor?.HttpContext?.User?.IsInRole("SUPER_ADMIN") ?? false;
+ //private bool isSuperAdmin => _httpContextAccessor?.HttpContext?.User?.IsInRole("SUPER_ADMIN") ?? false;
 #endregion
@@ -867,8 +867,17 @@ namespace BMA.EHR.Placement.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> PersonUpdateStatus([FromBody] PersonUpdateStatusRequest req)
 {
- if (isSuperAdmin == false)
- return Success();
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_PLACEMENT_PASS");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ string role = jsonData["result"]?.ToString();
+ if (role != "OWNER")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var person = await _context.PlacementProfiles .FirstOrDefaultAsync(x => x.Id == req.PersonalId);
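Review bot: The `isSuperAdmin` property in the `@@ -64,7 +64,7 @@` hunk is commented out rather than deleted, leaving `//private bool isSuperAdmin => ...` as dead code in the controller. Version control already preserves the old line, and a commented-out authorization shortcut invites someone to re-enable the role-name check this commit deliberately replaces with a permission-service lookup. Remove the line outright.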
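Review bot: `jsonData` is dereferenced without a null check in the new permission block of `PersonUpdateStatus`: `JsonConvert.DeserializeObject` returns null for an empty or literal-`null` body and throws on malformed JSON, so either case surfaces as an unhandled 500 rather than the intended 403. The deny path should stay fail-closed by treating a null or unparsable result the same as a wrong status or role, which also collapses the two duplicated `return Error(...)` blocks into one; a rewrite is sketched below. Forwarding the upstream `message` field verbatim also echoes the permission service's wording into the API response, so a fixed forbidden message is preferable. Whether `GetPermissionAPIAsync("UPDATE", "SYS_PLACEMENT_PASS")` is evaluated for the calling user's identity (for example via the `token` header accessor) is not visible in the hunk and should be confirmed, since the old `IsInRole` check was bound to the request's principal. The method body continues beyond the hunk.
```csharp
var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_PLACEMENT_PASS");
JObject? jsonData = null;
try
{
    jsonData = string.IsNullOrWhiteSpace(getPermission) ? null : JsonConvert.DeserializeObject<JObject>(getPermission);
}
catch (JsonException)
{
    // Unparsable response from the permission service: treated as denied below.
}
// Fail closed: a missing, non-200 or non-OWNER answer denies the update.
if (jsonData is null
    || jsonData["status"]?.ToString() != "200"
    || jsonData["result"]?.ToString() != "OWNER")
{
    return Error("Forbidden", StatusCodes.Status403Forbidden);
}
// … unchanged: load the PlacementProfile and apply the status update …
```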