diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs
index 0efef10d..c3bd0ac1 100644
--- a/server/AyaNova/Controllers/DataListController.cs
+++ b/server/AyaNova/Controllers/DataListController.cs
@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
 //IF user is a customer type check if they are allowed to view this datalist
 if (UType == UserType.Customer || UType == UserType.HeadOffice)
- if (!await CustomerTypeUserIsAllowedThisDataList(UserId, UserRoles, tableRequest.ClientCriteria, tableRequest.DataListKey))
+ if (!await HandleCustomerTypeUserDataListRequest(UserId, tableRequest))
 return StatusCode(403, new ApiNotAuthorizedResponse());
 //hydrate the saved view and filter
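Review bot: The call now passes `UserId` into `HandleCustomerTypeUserDataListRequest`, but in the following hunk the helper's query `ct.User.AsNoTracking().Select(...).FirstOrDefaultAsync()` carries no predicate on `currentUserId`, so the first User row in the table, not the caller, decides which customer or head-office id is written into `tableRequest.ClientCriteria` (the removed implementation had the same unfiltered query, so this is inherited rather than introduced). Unless a global query filter scopes `ct.User` to the current user, the helper should filter by `currentUserId` before `FirstOrDefaultAsync()` and return false when the result is null, since `UserInfo.UserType` would otherwise throw. The call site also drops `UserRoles`, and the helper now mutates the request rather than validating it, which is not visible here; a comment such as `// server-derived ClientCriteria overrides whatever the client sent for customer/head-office users` at this line would make that side effect explicit. The enclosing action method starts and ends outside this hunk.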
@@ -113,38 +113,36 @@ namespace AyaNova.Api.Controllers
 }
 }
- private async Task CustomerTypeUserIsAllowedThisDataList(long currentUserId, AuthorizationRoles userRoles, string clientCriteria, string dataListKey)
+ private async Task HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest)
 {
- //all customer data lists require client criteria
- if (string.IsNullOrWhiteSpace(clientCriteria))
- return false;
- //ClientCriteria format for this list is "OBJECTID,AYATYPE"
- var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
- if (crit.Length < 3)
- return false;
- int nType = 0;
- if (!int.TryParse(crit[1], out nType)) return false;
- AyaType forType = (AyaType)nType;
- if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
+ // //ClientCriteria format for this list is "OBJECTID,AYATYPE"
+ // var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
+ // if (crit.Length < 3)
+ // return false;
- long lId = 0;
- if (!long.TryParse(crit[0], out lId)) return false;
- if (lId == 0) return false;
+ // int nType = 0;
+ // if (!int.TryParse(crit[1], out nType)) return false;
+ // AyaType forType = (AyaType)nType;
+ // if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
+
+ // long lId = 0;
+ // if (!long.TryParse(crit[0], out lId)) return false;
+ // if (lId == 0) return false;
 //Have valid type, have an id, is this User actually connected to the entity they are requesting data for
- var User = await ct.User.AsNoTracking().Select(x => new { x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
- switch (forType)
+ var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
+ switch (UserInfo.UserType)
 {
- case AyaType.Customer:
- if (lId != User.CustomerId)
- return false;
+ case UserType.Customer:
+ tableRequest.ClientCriteria = $"{UserInfo.CustomerId},{(int)AyaType.Customer}";
 break;
- case AyaType.HeadOffice:
- if (lId != User.HeadOfficeId)
- return false;
+ case UserType.HeadOffice:
+ tableRequest.ClientCriteria = $"{UserInfo.HeadOfficeId},{(int)AyaType.HeadOffice}";
 break;
+ default://other user types can fuck right off!
+ return false;
 }
 switch (dataListKey)