diff --git a/things/service.go b/things/service.go
index 0d8c8abe..83620924 100644
--- a/things/service.go
+++ b/things/service.go
@@ -25,6 +25,7 @@ const (
 
 	userType  = "user"
 	tokenKind = "token"
+	userKind  = "users"
 	thingType = "thing"
 	groupType = "group"
 )
@@ -143,7 +144,7 @@ func (svc service) ListClients(ctx context.Context, token string, reqUserID stri
 
 	switch {
 	case (reqUserID != "" && reqUserID != userID):
-		if _, err := svc.authorize(ctx, userType, tokenKind, userID, ownerPermission, userType, reqUserID); err != nil {
+		if _, err := svc.authorize(ctx, userType, userKind, userID, ownerRelation, userType, reqUserID); err != nil {
 			return mfclients.ClientsPage{}, err
 		}
 		rtids, err := svc.listClientIDs(ctx, reqUserID, pm.Permission)
diff --git a/users/service.go b/users/service.go
index 7491e147..4dac28c7 100644
--- a/users/service.go
+++ b/users/service.go
@@ -22,6 +22,7 @@ const (
 	userKind   = "users"
 	tokenKind  = "token"
 	thingsKind = "things"
+	groupsKind = "groups"
 
 	userType  = "user"
 	groupType = "group"
@@ -385,14 +386,19 @@ func (svc service) changeClientStatus(ctx context.Context, token string, client
 
 func (svc service) ListMembers(ctx context.Context, token, objectKind string, objectID string, pm mfclients.Page) (mfclients.MembersPage, error) {
 	var objectType string
+	var authzPerm string
 	switch objectKind {
 	case thingsKind:
 		objectType = thingType
+		authzPerm = pm.Permission
+	case groupsKind:
+		fallthrough
 	default:
 		objectType = groupType
+		authzPerm = auth.SwitchToPermission(pm.Permission)
 	}
 
-	if _, err := svc.authorize(ctx, userType, tokenKind, token, auth.SwitchToPermission(pm.Permission), objectType, objectID); err != nil {
+	if _, err := svc.authorize(ctx, userType, tokenKind, token, authzPerm, objectType, objectID); err != nil {
 		return mfclients.MembersPage{}, err
 	}
 	uids, err := svc.auth.ListAllSubjects(ctx, &mainflux.ListSubjectsReq{