server/AyaNova/Controllers/BackupController.cs

@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
                 return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
             }
 
-            if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
+            if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
             {
                 await Task.Delay(nFailedAuthDelay);//DOS protection
                 return StatusCode(403, new ApiNotAuthorizedResponse());

server/AyaNova/biz/BizRoles.cs

@@ -337,7 +337,7 @@ namespace AyaNova.Biz
 
             ////////////////////////////////////////////////////////////
             //GLOBAL OPS SETTINGS
-            // (control the backup)
+            // 
             roles.Add(AyaType.GlobalOps, new BizRoleSet()
             {
                 Change = AuthorizationRoles.OpsAdminFull,