diff --git a/server/methods/fixDuplicateLists.js b/server/methods/fixDuplicateLists.js
index b673021ec..63d44eedd 100644
--- a/server/methods/fixDuplicateLists.js
+++ b/server/methods/fixDuplicateLists.js
@@ -4,6 +4,7 @@ import Boards from '/models/boards';
 import Lists from '/models/lists';
 import Swimlanes from '/models/swimlanes';
 import Cards from '/models/cards';
+import ReactiveCache from '/imports/reactiveCache';
 
 /**
  * Fix duplicate lists and swimlanes created by WeKan 8.10
@@ -15,6 +16,10 @@ Meteor.methods({
       throw new Meteor.Error('not-authorized');
     }
 
+    if (!ReactiveCache.getUser(this.userId).isAdmin) {
+      throw new Meteor.Error('not-authorized', 'Admin required');
+    }
+
     if (process.env.DEBUG === 'true') {
       console.log('Starting duplicate lists fix for all boards...');
     }
@@ -55,6 +60,11 @@ Meteor.methods({
       throw new Meteor.Error('not-authorized');
     }
 
+    const board = ReactiveCache.getBoard(boardId);
+    if (!board || !board.hasAdmin(this.userId)) {
+      throw new Meteor.Error('not-authorized');
+    }
+
     return fixDuplicateListsForBoard(boardId);
   }
 });
@@ -203,6 +213,10 @@ Meteor.methods({
       throw new Meteor.Error('not-authorized');
     }
 
+    if (!ReactiveCache.getUser(this.userId).isAdmin) {
+      throw new Meteor.Error('not-authorized', 'Admin required');
+    }
+
     const allBoards = Boards.find({}).fetch();
     const report = [];