diff --git a/apps/meteor/app/livechat/imports/server/rest/departments.ts b/apps/meteor/app/livechat/imports/server/rest/departments.ts
index 472a00192635..ce0d9e83143e 100644
--- a/apps/meteor/app/livechat/imports/server/rest/departments.ts
+++ b/apps/meteor/app/livechat/imports/server/rest/departments.ts
@@ -80,6 +80,10 @@ API.v1.addRoute(
 { authRequired: true },
 {
 async get() {
+ if (!hasAtLeastOnePermission(this.userId, ['view-livechat-departments', 'view-l-room'])) {
+ return API.v1.unauthorized();
+ }
+
 check(this.urlParams, {
 _id: String,
 });
diff --git a/apps/meteor/tests/end-to-end/api/livechat/01-department.js b/apps/meteor/tests/end-to-end/api/livechat/01-department.js
index 8ae6a4daf11e..224a5016b937 100644
--- a/apps/meteor/tests/end-to-end/api/livechat/01-department.js
+++ b/apps/meteor/tests/end-to-end/api/livechat/01-department.js
@@ -32,7 +32,7 @@ describe('LIVECHAT - departments', function () {
 .expect(403)
 .expect((res) => {
 expect(res.body).to.have.property('success', false);
- expect(res.body.error).to.be.equal('error-not-authorized');
+ expect(res.body.error).to.be.equal('unauthorized');
 })
 .end(done);
 });
@@ -90,7 +90,7 @@ describe('LIVECHAT - departments', function () {
 .get(api(`livechat/department/${department._id}`))
 .set(credentials)
 .expect('Content-Type', 'application/json')
- .expect(400)
+ .expect(403)
 .expect((res) => {
 expect(res.body).to.have.property('success', false);
 expect(res.body.error).to.be.equal('error-not-authorized');
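Review bot: The new guard in `get()` of departments.ts negates the return value of `hasAtLeastOnePermission` without awaiting it; if that helper returns a Promise (its definition is not visible here), `!promise` is always false and the check fails open for every authenticated user. Inside this `async` handler it is safe either way to write `if (!(await hasAtLeastOnePermission(this.userId, ['view-livechat-departments', 'view-l-room']))) {`. A short comment such as `// either permission is enough to read a single department` would also record why `view-l-room` alone is accepted. The handler body continues past the end of the hunk, so any further per-department scoping is not visible from here.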
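Review bot: In the `@@ -90,7 +90,7 @@` hunk of 01-department.js the expected status becomes 403, but the assertion two lines below still expects `'error-not-authorized'`, whereas the `@@ -32,7 +32,7 @@` hunk pairs 403 with `'unauthorized'`. If this request is rejected by the new `API.v1.unauthorized()` guard in `get()`, the body would presumably carry `'unauthorized'` and this test would fail; if it passes, the 403 comes from some other path and the new guard is not what is being exercised. It is worth confirming which, and aligning the line to `expect(res.body.error).to.be.equal('unauthorized');` if the guard is the source. The test body continues past the end of the hunk.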