diff --git a/api/src/Controllers/UsersController.cs b/api/src/Controllers/UsersController.cs
index f10b9e9..0ec74bf 100644
--- a/api/src/Controllers/UsersController.cs
+++ b/api/src/Controllers/UsersController.cs
@@ -30,8 +30,6 @@ public class UsersController : ControllerBase {
 List dtoArray = new List();
 foreach(User user in rawArray) {
- // TODO: can you operator overload a cast? if so cast(UserDto) would go hard
- // if not then just a new custom cast function that returns a dto type will do
 UserDto newDto = new UserDto(user);
 dtoArray.Add(newDto);
 }
@@ -70,7 +68,8 @@ public class UsersController : ControllerBase {
 [HttpDelete("{id}/{permission}")]
 public async Task removePermission(string id, string permission) {
- if(permission == Permission.SensitiveData_Modify) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
+ var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
+ if(permission == Permission.SensitiveData_Modify && userId == id) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
 // get list of permissions of that user
 var user = await service_.GetById(id);