diff --git a/server/AyaNova/Controllers/BackupController.cs b/server/AyaNova/Controllers/BackupController.cs
index a537c5a7..657b6e2b 100644
--- a/server/AyaNova/Controllers/BackupController.cs
+++ b/server/AyaNova/Controllers/BackupController.cs
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
                 return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
             }
 
-            if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
+            if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
             {
                 await Task.Delay(nFailedAuthDelay);//DOS protection
                 return StatusCode(403, new ApiNotAuthorizedResponse());
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 320ec8db..8aca88aa 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -337,7 +337,7 @@ namespace AyaNova.Biz
 
             ////////////////////////////////////////////////////////////
             //GLOBAL OPS SETTINGS
-            // (control the backup)
+            // 
             roles.Add(AyaType.GlobalOps, new BizRoleSet()
             {
                 Change = AuthorizationRoles.OpsAdminFull,