diff --git a/api/controllers/console/app/app.py b/api/controllers/console/app/app.py
index 4aa10ac6e9..e8ee50e8a5 100644
--- a/api/controllers/console/app/app.py
+++ b/api/controllers/console/app/app.py
@@ -316,7 +316,7 @@ class AppTraceApi(Resource):
     @account_initialization_required
     def post(self, app_id):
         # add app trace
-        if not current_user.is_admin_or_owner:
+        if not current_user.is_editing_role:
             raise Forbidden()
         parser = reqparse.RequestParser()
         parser.add_argument("enabled", type=bool, required=True, location="json")