diff --git a/lib/Service/RowService.php b/lib/Service/RowService.php
index 684b6e043..0f0398a99 100644
--- a/lib/Service/RowService.php
+++ b/lib/Service/RowService.php
@@ -365,6 +365,11 @@ public function updateSet(
 if ($viewId) {
 // security
+ if (!$this->permissionsService->canReadRowsByElementId($viewId, 'view', $userId)) {
+ $e = new \Exception('Row not found.');
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new NotFoundError(get_class($this) . ' - ' . __FUNCTION__ . ': '.$e->getMessage());
+ }
 if (!$this->permissionsService->canUpdateRowsByViewId($viewId)) {
 $e = new \Exception('Update row is not allowed.');
 $this->logger->error($e->getMessage(), ['exception' => $e]);
@@ -400,6 +405,11 @@ public function updateSet(
 $tableId = $item->getTableId();
 // security
+ if (!$this->permissionsService->canReadRowsByElementId($item->getTableId(), 'table', $userId)) {
+ $e = new \Exception('Row not found.');
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new NotFoundError(get_class($this) . ' - ' . __FUNCTION__ . ': '.$e->getMessage());
+ }
 if (!$this->permissionsService->canUpdateRowsByTableId($tableId)) {
 $e = new \Exception('Update row is not allowed.');
 $this->logger->error($e->getMessage(), ['exception' => $e]);
@@ -457,6 +467,11 @@ public function delete(int $id, ?int $viewId, string $userId): Row2 {
 if ($viewId) {
 // security
+ if (!$this->permissionsService->canReadRowsByElementId($viewId, 'view', $userId)) {
+ $e = new \Exception('Row not found.');
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new NotFoundError(get_class($this) . ' - ' . __FUNCTION__ . ': '.$e->getMessage());
+ }
 if (!$this->permissionsService->canDeleteRowsByViewId($viewId)) {
 $e = new \Exception('Update row is not allowed.');
 $this->logger->error($e->getMessage(), ['exception' => $e]);
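Review bot: The added read check in the view branch of updateSet passes `$userId` to `canReadRowsByElementId($viewId, 'view', $userId)`, while the update check directly below it calls `canUpdateRowsByViewId($viewId)` with no user argument. If that method falls back to the session user (its signature is not visible here), the two checks can be evaluated for different principals whenever `$userId` is not the logged-in user. Passing the same user to both, e.g. `canUpdateRowsByViewId($viewId, $userId)` if the method accepts it, would tie the whole decision to one identity. The same pairing appears in the table branch of updateSet and in both delete hunks; updateSet's body starts and ends outside this hunk.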
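Review bot: In the table branch of updateSet the new check runs after `$item` has already been loaded, so answering "not found" only hides the row's existence if this NotFoundError is indistinguishable from the one raised when the row id does not exist at all. The lookup is outside the hunk, so that cannot be confirmed here; it is worth verifying that both paths produce the same error type and message, and adding a test that an unreadable row and a missing row yield identical responses. The else branch of the second delete hunk has the same shape. As a smaller point, the check can reuse the variable assigned just above it: `canReadRowsByElementId($tableId, 'table', $userId)`.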
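Review bot: The log entry written on a denied read in delete's view branch records only the text 'Row not found.' and a synthetic exception, so nobody reading the log can tell which user was refused on which view or row. Adding the identifiers to the context, e.g. `['exception' => $e, 'userId' => $userId, 'viewId' => $viewId, 'rowId' => $id]`, makes repeated denials attributable to an account. Logging an expected authorization denial at error level may also be louder than intended. The same applies to the other three copies of this block, with the table id in place of `$viewId` in the table branches; delete's body continues outside the hunk.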
@@ -475,6 +490,11 @@ public function delete(int $id, ?int $viewId, string $userId): Row2 {
 }
 } else {
 // security
+ if (!$this->permissionsService->canReadRowsByElementId($item->getTableId(), 'table', $userId)) {
+ $e = new \Exception('Row not found.');
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new NotFoundError(get_class($this) . ' - ' . __FUNCTION__ . ': '.$e->getMessage());
+ }
 if (!$this->permissionsService->canDeleteRowsByTableId($item->getTableId())) {
 $e = new \Exception('Update row is not allowed.');
 $this->logger->error($e->getMessage(), ['exception' => $e]);
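Review bot: This is the fourth hand-copied instance of the same five-line read check, and the context lines already show how copied authorization code drifts: the delete denial right below it still reads 'Update row is not allowed.'. A single private helper would keep the check, the log call and the error text in one place; a sketch follows, with the helper name and parameter types as suggestions only. The caller name is passed in so the NotFoundError message keeps naming `delete` or `updateSet` rather than the helper. The enclosing delete method starts and ends outside this hunk.

```php
// Suggested helper (name and parameter types are a proposal, not existing project code).
private function assertCanReadRows(int $elementId, string $nodeType, string $userId, string $caller): void {
    if ($this->permissionsService->canReadRowsByElementId($elementId, $nodeType, $userId)) {
        return;
    }
    $e = new \Exception('Row not found.');
    $this->logger->error($e->getMessage(), ['exception' => $e]);
    throw new NotFoundError(get_class($this) . ' - ' . $caller . ': ' . $e->getMessage());
}

// in delete(), else branch — replaces the five added lines of this hunk
$this->assertCanReadRows($item->getTableId(), 'table', $userId, __FUNCTION__);
// … unchanged: canDeleteRowsByTableId check …
```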