diff --git a/src/app/group/controllers/PrivilegeController.php b/src/app/group/controllers/PrivilegeController.php
index de5329596ed51216d45e39c2572728cc325310c9..bc6f0bc9c2963e6c6bdd7e55b07fcfd37b9d7d62 100755
--- a/src/app/group/controllers/PrivilegeController.php
+++ b/src/app/group/controllers/PrivilegeController.php
@@ -90,10 +90,10 @@ class PrivilegeController
 if (empty($args['readOnly']) && !isset($args['parameters']['authorized'])) {
 return false;
 }
- if (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
- return false;
- } elseif (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
+ if (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
 return true;
+ } elseif (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
+ return false;
 } else {
 $candidateGroups = $args['parameters']['authorized'] ?? [];
 $manageableGroups = array_column(UserController::getManageableGroups(['userId' => $args['userId']]), 'id');
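Review bot: The early `return true` for `manage_groups` now runs before the `manage_users` test, so a holder of `manage_groups` alone is authorized without reaching the `$candidateGroups` / `$manageableGroups` comparison in the `else` branch, and nothing in the hunk states that this hierarchy is intended. Because the order of these branches is now the access-control policy, I would pin it with a comment above the `if`, e.g. `// manage_groups alone grants access to every group; manage_users is only required for the per-group check below`, and add a test for a user who has `manage_groups` but not `manage_users`. The enclosing method starts and ends outside the hunk, so how the two group lists are compared cannot be judged from here.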