diff --git a/apps/terminal/api/session.py b/apps/terminal/api/session.py
index 5303bbdb2..7071ddd33 100644
--- a/apps/terminal/api/session.py
+++ b/apps/terminal/api/session.py
@@ -26,7 +26,7 @@ logger = get_logger(__name__)
 class SessionViewSet(OrgBulkModelViewSet):
 queryset = Session.objects.all()
 serializer_class = serializers.SessionSerializer
- permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor, )
+ permission_classes = (IsOrgAdminOrAppUser, )
 filter_fields = [
 "user", "asset", "system_user", "remote_addr", "protocol", "terminal", "is_finished",
@@ -53,6 +53,11 @@ class SessionViewSet(OrgBulkModelViewSet):
 serializer.validated_data["system_user"] = _system_user.name
 return super().perform_create(serializer)
+ def get_permissions(self):
+ if self.request.method.lower() in ['get']:
+ self.permission_classes = (IsOrgAdminOrAppUser | IsOrgAuditor, )
+ return super().get_permissions()
+
 class SessionReplayViewSet(viewsets.ViewSet):
 serializer_class = serializers.ReplaySerializer
diff --git a/apps/terminal/templates/terminal/session_list.html b/apps/terminal/templates/terminal/session_list.html
index 6ac9b7bd8..d23d9be02 100644
--- a/apps/terminal/templates/terminal/session_list.html
+++ b/apps/terminal/templates/terminal/session_list.html
@@ -41,7 +41,7 @@
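Review bot: In `get_permissions` (second hunk of apps/terminal/api/session.py) the auditor grant is keyed on the HTTP verb, so `IsOrgAuditor` is admitted to every GET-routed handler on `SessionViewSet`, not only list and retrieve; whether other GET actions exist is not visible in the hunk, but any `@action` added later would inherit auditor access silently. Keying on the action is tighter and says what is meant: `if self.action in ('list', 'retrieve'):`. The method also rewrites `self.permission_classes` as a side effect; returning the instances directly, e.g. `return [(IsOrgAdminOrAppUser | IsOrgAuditor)()]`, leaves the attribute set in the first hunk as the single default for write requests. A one-line comment on `permission_classes` stating that auditors are read-only on this endpoint, plus a test that an auditor's POST/PUT/PATCH/DELETE is rejected, would keep the restriction from regressing. The class body continues outside both hunks.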
- {% if type == "online" %}
+ {% if type == "online" and request.user.can_admin_current_org %}