diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index ecfde759..42fe66ea 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -5,7 +5,8 @@
 ## IMMEDIATE ITEMS
 
 
-
+todo: bugbug BizAdminFull can't get widgetlist but is allowed to edit a widget, datalist is using Bizroles.getrolset to see if user has read full rights expecting change will supersed
+	however GET route is using Authorized.HasReadFullRole which does take into consideration change superseding so need to fix datalist stuff
 
 todo: move to client work then back here to document after
 todo: api / server landing page is shitty on a mobile
diff --git a/server/AyaNova/DataList/TestUserDataList.cs b/server/AyaNova/DataList/TestUserDataList.cs
index c94b6745..b915365c 100644
--- a/server/AyaNova/DataList/TestUserDataList.cs
+++ b/server/AyaNova/DataList/TestUserDataList.cs
@@ -9,9 +9,9 @@ namespace AyaNova.DataList
         public TestUserDataList()
         {
             DefaultListObjectType = AyaType.User;
-
             SQLFrom = "from auser";
-            AllowedRoles = BizRoles.GetRoleSet(DefaultListObjectType).ReadFullRecord;
+            var RoleSet = BizRoles.GetRoleSet(DefaultListObjectType);
+            AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
 
             //Default ListView
             dynamic dlistView = new JArray();
diff --git a/server/AyaNova/DataList/TestWidgetDataList.cs b/server/AyaNova/DataList/TestWidgetDataList.cs
index dbe23782..ab90b100 100644
--- a/server/AyaNova/DataList/TestWidgetDataList.cs
+++ b/server/AyaNova/DataList/TestWidgetDataList.cs
@@ -7,10 +7,10 @@ namespace AyaNova.DataList
     {
         public TestWidgetDataList()
         {
-
             DefaultListObjectType = AyaType.Widget;
             SQLFrom = "from awidget left outer join auser on (awidget.userid=auser.id)";
-            AllowedRoles = BizRoles.GetRoleSet(DefaultListObjectType).ReadFullRecord;
+            var RoleSet = BizRoles.GetRoleSet(DefaultListObjectType);
+            AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
 
             //Default ListView
             dynamic dlistView = new JArray();
diff --git a/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs b/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
index b492bc3d..cb02b0bd 100644
--- a/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
+++ b/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
@@ -16,10 +16,11 @@ namespace AyaNova.DataList
 
         public TestWidgetUserEmailDataList()
         {
-
-            SQLFrom = "from awidget left outer join auser on (awidget.userid=auser.id) left outer join auseroptions on (auser.id=auseroptions.userid)";
-            AllowedRoles = BizRoles.GetRoleSet(DefaultListObjectType).ReadFullRecord;
             DefaultListObjectType = AyaType.Widget;
+            SQLFrom = "from awidget left outer join auser on (awidget.userid=auser.id) left outer join auseroptions on (auser.id=auseroptions.userid)";
+            var RoleSet = BizRoles.GetRoleSet(DefaultListObjectType);
+            AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
+
             //Default ListView
             dynamic dlistView = new JArray();
 
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index d7f9c9c9..52131d46 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -235,6 +235,8 @@ namespace AyaNova.Biz
             }
         }
 
+        
+
 
     }//end of class