diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index 2b412c0f2fdc923b02fc01382b9bd60f3b839ed6..55e936515ec58bec78a7ecc68796e0e2e4483cd9 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -8,11 +8,17 @@
 // Init owncloud
 require_once('../../lib/base.php');
 
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
 
 $username = isset($_POST["username"])?$_POST["username"]:'';
 
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+	$l = OC_L10N::get('core');
+	self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+	exit();
+}
+
 //make sure the quota is in the expected format
 $quota=$_POST["quota"];
 if($quota!='none' and $quota!='default'){