diff --git a/pkg/service_internal/submissions.go b/pkg/service_internal/submissions.go
index e8f8c39..1ce1e4c 100644
--- a/pkg/service_internal/submissions.go
+++ b/pkg/service_internal/submissions.go
@@ -9,6 +9,7 @@ import (
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
 	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"git.itzana.me/strafesnet/maps-service/pkg/service"
 )
 
 var(
@@ -338,6 +339,7 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
 	var AssetID=uint64(request.AssetID);
 	var AssetVersion=uint64(request.AssetVersion);
 	var Status=model.SubmissionStatus(request.Status);
+	var roles=service.Roles(request.Roles);
 
 	// Check if an active submission with the same asset id exists
 	{
@@ -363,8 +365,11 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
 	}
 
 	// check if user owns asset
-	// TODO: allow bypass by admin
-	if operation.Owner != Submitter {
+	is_submitter := operation.Owner == Submitter
+	// check if user is map admin
+	has_submission_review := roles & service.RolesSubmissionReview == service.RolesSubmissionReview
+	// if neither, u not allowed
+	if !is_submitter && !has_submission_review {
 		return nil, ErrNotAssetOwner
 	}