diff --git a/src/iam/router.py b/src/iam/router.py
index ee31a4e..1cf904c 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -108,7 +108,7 @@ async def create_group(db: db_dependency, org_model: org_model_root_claim_body_d
 
 @router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
 async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
-	if group_model.org_id == org_model.id:
+	if group_model.org_id != org_model.id:
 		raise UnauthorizedException()
 
 	if perm_model in group_model.permission_rel:
@@ -124,7 +124,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
 
 @router.put("/group/user")
 async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
-	if group_model.org_id == org_model.id:
+	if group_model.org_id != org_model.id:
 		raise UnauthorizedException()
 
 	if user_model in group_model.user_rel:
@@ -139,7 +139,7 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
 
 @router.delete("/group/permissions")
 async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
-	if group_model.org_id == org_model.id:
+	if group_model.org_id != org_model.id:
 		raise UnauthorizedException()
 
 	group_model.permission_rel.remove(perm_model)
@@ -152,7 +152,7 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
 
 @router.delete("/group/user")
 async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
-	if group_model.org_id == org_model.id:
+	if group_model.org_id != org_model.id:
 		raise UnauthorizedException()
 
 	user_model.group_rel.remove(group_model)