diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index b68df961578bcef77f66375660bb17759c4a21ae..320ac562d40ecba0de7b61387ae145f55f77a6cf 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -146,16 +146,15 @@ public class QuestionService implements IQuestionService {
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("isAuthenticated() and hasPermission(#question.getSessionKeyword(), 'session', 'owner')")
 	public void deleteQuestion(String questionId) {
 		Question question = databaseDao.getQuestion(questionId);
 		if (question == null) {
 			throw new NotFoundException();
 		}
 
-		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(question.getSessionKeyword());
-		if (user == null || session == null || ! session.isCreator(user)) {
+		if (session == null) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteQuestionWithAnswers(question);
@@ -178,26 +177,24 @@ public class QuestionService implements IQuestionService {
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("isAuthenticated() and hasPermission(#question.getSessionKeyword(), 'session', 'owner')")
 	public void deleteInterposedQuestion(String questionId) {
 		InterposedQuestion question = databaseDao.getInterposedQuestion(questionId);
 		if (question == null) {
 			throw new NotFoundException();
 		}
-		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSessionFromKeyword(question.getSessionId());
-		if (user == null || session == null || ! session.isCreator(user)) {
+		if (session == null) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteInterposedQuestion(question);
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("isAuthenticated() and hasPermission(#sessionKeyword, 'session', 'owner')")
 	public void deleteAllInterposedQuestions(String sessionKeyword) {
-		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSessionFromKeyword(sessionKeyword);
-		if (user == null || session == null || ! session.isCreator(user)) {
+		if (session == null) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteAllInterposedQuestions(session);