diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 3f7be7f42..f0bbea881 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -50,13 +50,14 @@ public UserAccess getCurrentUserAccess() {
 return UserAccess.NONE;
 }
- public boolean isAuthorizedFor(String objectCreatedBy, Group objectGroup) {
+ public boolean isAuthorizedFor(Group objectGroup) {
 String groupId = objectGroup == null ? "" : objectGroup.getResourceId();
- return isAuthorizedFor(objectCreatedBy, groupId);
+ return isAuthorizedFor(groupId);
 }
- public boolean isAuthorizedFor(String objectCreatedBy, String objectGroupResourceId) {
+ public boolean isAuthorizedFor(String objectGroupResourceId) {
+ // Shouldn't be null, but for safety...
 String groupId = objectGroupResourceId == null ? "" : objectGroupResourceId;
 switch (getCurrentUserAccess()) {
 // no user returns NONE
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 13e3dd0b9..fe5c52fdd 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
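Review bot: The new `isAuthorizedFor(String objectGroupResourceId)` maps a null id to `""` and leaves it to the switch to decide what an empty group id means, but the added `// Shouldn't be null, but for safety...` does not say what the safe outcome is, and the switch body runs past the end of the hunk. An authorization helper should fail closed explicitly rather than rely on `""` matching no group; `if (objectGroupResourceId == null) { return false; }` ahead of the switch does that, provided no caller legitimately relies on an ungrouped object being visible. Removing `objectCreatedBy` from both public overloads also takes ownership out of the decision, so a user who created an object but is outside its group may now be refused unless the switch covers that case; neither overload has Javadoc, so a one-line `/** Group-based check only; the object's creator is not considered. */` on each would record the new contract.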
@@ -461,7 +461,7 @@ public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throw
 if (ed == null) {
 throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found.", resourceId));
 }
- if (!userService.isAuthorizedFor(ed.getCreatedBy(), ed.getGroup())) {
+ if (!userService.isAuthorizedFor(ed.getGroup())) {
 throw new ForbiddenException("You are not authorized to perform the requested operation.");
 }
 return ed;
@@ -757,7 +757,7 @@ public EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRe
 if (edRep.isServiceEnabled() && !userService.currentUserIsAdmin()) {
 throw new ForbiddenException("You do not have the permissions necessary to enable this service.");
 }
- if (!userService.isAuthorizedFor(existingEd.getCreatedBy(), existingEd.getGroup())) {
+ if (!userService.isAuthorizedFor(existingEd.getGroup())) {
 throw new ForbiddenException("You are not authorized to perform the requested operation.");
 }
 // Verify we're the only one attempting to update the EntityDescriptor
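Review bot: In `getEntityDescriptorByResourceId` the `EntityNotFoundException` just above the changed `isAuthorizedFor` call is thrown before the group check runs, so a caller who is not authorized for an entity descriptor still learns from the two distinct messages whether a resource id exists. This ordering is pre-existing, but the commit touches the check and is the natural place to decide whether unknown and forbidden ids should be indistinguishable to the caller. If the distinction is intentional, a comment such as `// NOTE: not-found is raised before the group check, so unknown vs. forbidden ids are distinguishable to the caller` above the check would record that decision. The method's body continues outside the hunk.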
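Review bot: The authorization in `update` on the changed line is evaluated against `existingEd.getGroup()` only, so if `EntityDescriptorRepresentation` carries a group and the update is allowed to change it, a non-admin is never checked against the target group and could move an entity descriptor into a group they do not belong to. If the representation does carry a group, either a second `isAuthorizedFor` call against that group (through whatever accessor the representation exposes) or pinning the group to the existing value for non-admins closes the gap. The method's body continues below the hunk, so this may already be handled further down; if it is, a short comment next to the check saying where would help the next reader.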