diff --git a/backend/src/auth/RIGHTS.ts b/backend/src/auth/RIGHTS.ts
index 8988620d7..e8a6a1aa3 100644
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@@ -26,4 +26,5 @@ export enum RIGHTS {
   SEARCH_PENDING_CREATION = 'SEARCH_PENDING_CREATION',
   DELETE_PENDING_CREATION = 'DELETE_PENDING_CREATION',
   CONFIRM_PENDING_CREATION = 'CONFIRM_PENDING_CREATION',
+  SEND_ACTIVATION_EMAIL = 'SEND_ACTIVATION_EMAIL',
 }
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 79a1734e6..d1bd6ad22 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -476,6 +476,8 @@ export class UserResolver {
     return 'success'
   }
 
+  // THis is used by the admin only - should we move it to the admin resolver?
+  @Authorized([RIGHTS.SEND_ACTIVATION_EMAIL])
   @Mutation(() => Boolean)
   async sendActivationEmail(@Arg('email') email: string): Promise<boolean> {
     const loginUserRepository = getCustomRepository(LoginUserRepository)