diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb
index ffb2a9c9a..862412966 100644
--- a/app/controllers/locations_controller.rb
+++ b/app/controllers/locations_controller.rb
@@ -225,11 +225,15 @@ private
 end
 def authenticate_action!
- if %w[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?)
+ if %w[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers].include?(action_name) && !user_allowed_action?
 render_not_found and return
 end
 end
+ def user_allowed_action?
+ (current_user.organisation == @scheme&.owning_organisation) || (current_user.organisation.parent_organisations.any? { |org| org == @scheme&.owning_organisation }) || current_user.support?
+ end
+
 def location_params
 required_params = params.require(:location).permit(:postcode, :location_admin_district, :location_code, :name, :units, :type_of_unit, :mobility_type, "startdate(1i)", "startdate(2i)", "startdate(3i)").merge(scheme_id: @scheme.id)
 required_params[:postcode] = PostcodeService.clean(required_params[:postcode]) if required_params[:postcode]
diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb
index e60620bc5..66fb4be54 100644
--- a/app/controllers/schemes_controller.rb
+++ b/app/controllers/schemes_controller.rb
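Review bot: `user_allowed_action?` is consulted for every action in the list, so a coordinator from a child organisation is now authorised server-side for `create`, `update`, `new_deactivation`, `deactivate_confirm` and `deactivate` on the parent's scheme; only the views hide those buttons through `user_can_edit_scheme?`, and a direct POST or PATCH bypasses that. The filter should split the list into read-only actions, which may use the new parent-organisation rule, and mutating ones, which keep the owner-or-support rule; the rewrite below treats `index` as the only read action here — widen that set if some of the form steps are view-only — and swaps `.any? { |org| org == x }` for `include?`. The schemes_controller hunk has the same shape (`show` and `locations` are reads, `edit_name`, `deactivate` and the form steps are writes) and needs the same split. The enclosing `private` section continues outside the hunk.
```ruby
  def authenticate_action!
    return unless %w[create update index new_deactivation deactivate_confirm deactivate postcode local_authority name units type_of_unit mobility_standards availability check_answers].include?(action_name)

    # Only read-only actions are open to parent-organisation users; everything
    # else in the list mutates the scheme and stays with the owner or support.
    allowed = action_name == "index" ? user_allowed_action? : user_can_edit_scheme?
    render_not_found and return unless allowed
  end

  # Owner-or-support rule, kept in one place so the view helper and this filter agree.
  def user_can_edit_scheme?
    current_user.support? || current_user.organisation == @scheme&.owning_organisation
  end

  # Read access: owner, support, or a child organisation of the owner.
  def user_allowed_action?
    user_can_edit_scheme? || current_user.organisation.parent_organisations.include?(@scheme&.owning_organisation)
  end
```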
@@ -265,11 +265,15 @@ private
 def authenticate_scope!
 head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
- if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !((current_user.organisation == @scheme&.owning_organisation) || current_user.support?)
+ if %w[show locations primary_client_group confirm_secondary_client_group secondary_client_group support details check_answers edit_name deactivate].include?(action_name) && !user_allowed_action?
 render_not_found and return
 end
 end
+ def user_allowed_action?
+ (current_user.organisation == @scheme&.owning_organisation) || (current_user.organisation.parent_organisations.any? { |org| org == @scheme&.owning_organisation }) || current_user.support?
+ end
+
 def redirect_if_scheme_confirmed
 redirect_to @scheme if @scheme.confirmed?
 end
diff --git a/app/helpers/locations_helper.rb b/app/helpers/locations_helper.rb
index 5bf7bc8ff..7e38ed36c 100644
--- a/app/helpers/locations_helper.rb
+++ b/app/helpers/locations_helper.rb
@@ -84,6 +84,10 @@ module LocationsHelper
 end
 end
+ def user_can_edit_scheme?(user, scheme)
+ user.support? || user.organisation == scheme.owning_organisation
+ end
+
 private
 ActivePeriod = Struct.new(:from, :to)
diff --git a/app/views/locations/index.html.erb b/app/views/locations/index.html.erb
index 7294b9729..fafe16a92 100644
--- a/app/views/locations/index.html.erb
+++ b/app/views/locations/index.html.erb
@@ -64,7 +64,9 @@
 <% end %>
 <% end %>
 <% end %>
- <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
+ <% if user_can_edit_scheme?(current_user, @scheme) %>
+ <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
+ <% end %>
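Review bot: `user_can_edit_scheme?` in LocationsHelper restates the owner-or-support rule that both controllers' `user_allowed_action?` methods also spell out inline, so the view rule and the request filter can drift apart — and in this commit they already differ, because the filter additionally admits parent-organisation users while the helper does not. A one-line YARD comment above the method would make that intent explicit for the next reader: `# @return [Boolean] true only for support users and the scheme's owning organisation; parent-organisation coordinators never get edit rights here`. Consider making the controllers use the same predicate rather than keeping two private copies of the owner-or-support check.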
@@ -118,7 +120,9 @@
 <% end %>
 <% end %>
 <% end %>
- <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
+ <% if user_can_edit_scheme?(current_user, @scheme) %>
+ <%= govuk_button_to "Add a location", scheme_locations_path(@scheme), method: "post", secondary: true %>
+ <% end %>
 <% end %>
diff --git a/app/views/locations/show.html.erb b/app/views/locations/show.html.erb
index 299a19357..11e8290a3 100644
--- a/app/views/locations/show.html.erb
+++ b/app/views/locations/show.html.erb
@@ -16,12 +16,12 @@
 <%= summary_list.row do |row| %>
 <% row.key { attr[:name] } %>
 <% row.value { attr[:attribute].eql?("status") ? status_tag(attr[:value]) : details_html(attr) } %>
- <% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" %>
+ <% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && current_user.organisation == @scheme.owning_organisation %>
 <% end %>
 <% end %>
 <% end %>
-<% if FeatureToggle.location_toggle_enabled? %>
+<% if FeatureToggle.location_toggle_enabled? && user_can_edit_scheme?(current_user, @scheme) %>
 <%= toggle_location_link(@location) %>
 <% end %>
diff --git a/app/views/schemes/show.html.erb b/app/views/schemes/show.html.erb
index beb4508e0..c0fe9b754 100644
--- a/app/views/schemes/show.html.erb
+++ b/app/views/schemes/show.html.erb
@@ -22,7 +22,7 @@
 <%= summary_list.row do |row| %>
 <% row.key { attr[:name] } %>
 <% row.value { details_html(attr) } %>
- <% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] %>
+ <% row.action(text: "Change", href: scheme_edit_name_path(scheme_id: @scheme.id)) if attr[:edit] && user_can_edit_scheme?(current_user, @scheme) %>
 <% end %>
 <% end %>
 <% end %>
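Review bot: The new `row.action` condition in locations/show.html.erb checks `current_user.organisation == @scheme.owning_organisation` directly instead of `user_can_edit_scheme?(current_user, @scheme)`, so a support user loses the "Change" link on the name row unless their organisation happens to own the scheme (the previous line showed it unconditionally), while the toggle link a few lines below keeps it for support users via the helper. Use the helper in both places so the view has a single rule: `<% row.action(text: "Change", href: scheme_location_name_path(@scheme, @location, referrer: "details")) if attr[:attribute] == "name" && user_can_edit_scheme?(current_user, @scheme) %>`. The schemes/show.html.erb hunk already does this and can stay as is.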
diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb
index ab9dcd268..ef39e15ab 100644
--- a/spec/requests/locations_controller_spec.rb
+++ b/spec/requests/locations_controller_spec.rb
@@ -145,7 +145,7 @@ RSpec.describe LocationsController, type: :request do
 end
 end
- it "shows locations with correct data wben the new locations layout feature toggle is enabled" do
+ it "shows locations with correct data when the new locations layout feature toggle is enabled" do
 locations.each do |location|
 expect(page).to have_content(location.id)
 expect(page).to have_content(location.postcode)
@@ -154,7 +154,7 @@ RSpec.describe LocationsController, type: :request do
 end
 end
- it "shows locations with correct data wben the new locations layout feature toggle is disabled" do
+ it "shows locations with correct data when the new locations layout feature toggle is disabled" do
 allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false)
 get "/schemes/#{scheme.id}/locations"
 locations.each do |location|
@@ -248,6 +248,30 @@ RSpec.describe LocationsController, type: :request do
 expect(page).to have_title(expected_title)
 end
 end
+
+ context "when coordinator attempts to see scheme belonging to a parent organisation" do
+ let(:parent_organisation) { FactoryBot.create(:organisation) }
+ let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
+ let!(:locations) { FactoryBot.create_list(:location, 3, scheme:, startdate: Time.zone.local(2022, 4, 1)) }
+
+ before do
+ create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
+ get "/schemes/#{scheme.id}/locations"
+ end
+
+ it "shows all the locations" do
+ locations.each do |location|
+ expect(page).to have_content(location.id)
+ expect(page).to have_content(location.postcode)
+ expect(page).to have_content(location.name)
+ expect(page).to have_content(location.status)
+ end
+ end
+
+ it "does not allow adding new locations" do
+ expect(page).not_to have_button("Add a location")
+ end
+ end
 end
 context "when signed in as a support user" do
@@ -261,16 +285,17 @@ RSpec.describe LocationsController, type: :request do
 get "/schemes/#{scheme.id}/locations"
 end
- it "shows locations with correct data wben the new locations layout feature toggle is enabled" do
+ it "shows locations with correct data when the new locations layout feature toggle is enabled" do
 locations.each do |location|
 expect(page).to have_content(location.id)
 expect(page).to have_content(location.postcode)
 expect(page).to have_content(location.name)
 expect(page).to have_content(location.status)
 end
+ expect(page).to have_button("Add a location")
 end
- it "shows locations with correct data wben the new locations layout feature toggle is disabled" do
+ it "shows locations with correct data when the new locations layout feature toggle is disabled" do
 allow(FeatureToggle).to receive(:location_toggle_enabled?).and_return(false)
 get "/schemes/#{scheme.id}/locations"
 locations.each do |location|
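Review bot: The new "does not allow adding new locations" example only asserts that the button is missing from the page; it never issues the request the button would send, so it does not show that the server refuses a child-organisation coordinator. Since the controller's `user_allowed_action?` now admits parent-organisation users to `create` as well, add an example in this context along the lines of `post "/schemes/#{scheme.id}/locations"` followed by `expect(response).to have_http_status(:not_found)` (or whatever status `render_not_found` produces, which is not visible here). The "does not allow editing" examples added in the later locations_controller_spec hunk and in the schemes_controller_spec hunk have the same gap — they check for a missing "Change" link rather than exercising the update and deactivation endpoints.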
@@ -1677,6 +1702,27 @@ RSpec.describe LocationsController, type: :request do
 expect(page).not_to have_link("Deactivate this location")
 end
 end
+
+ context "and are viewing their parent organisation's location" do
+ let(:parent_organisation) { FactoryBot.create(:organisation) }
+ let!(:scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
+ let!(:location) { FactoryBot.create(:location, scheme:) }
+ let(:add_deactivations) {}
+
+ before do
+ create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
+ end
+
+ it "shows the location" do
+ expect(page).to have_content("Location name")
+ expect(page).to have_content(location.name)
+ end
+
+ it "does not allow editing the location" do
+ expect(page).not_to have_link("Change")
+ expect(page).not_to have_link("Deactivate this location", href: "/schemes/#{scheme.id}/locations/#{location.id}/new-deactivation")
+ end
+ end
 end
 end
diff --git a/spec/requests/schemes_controller_spec.rb b/spec/requests/schemes_controller_spec.rb
index 1a450a922..9c4775931 100644
--- a/spec/requests/schemes_controller_spec.rb
+++ b/spec/requests/schemes_controller_spec.rb
@@ -233,9 +233,6 @@ RSpec.describe SchemesController, type: :request do
 expect(page).to have_content(specific_scheme.id_to_display)
 expect(page).to have_content(specific_scheme.service_name)
 expect(page).to have_content(specific_scheme.sensitive)
- expect(page).to have_content(specific_scheme.id_to_display)
- expect(page).to have_content(specific_scheme.service_name)
- expect(page).to have_content(specific_scheme.sensitive)
 expect(page).to have_content(specific_scheme.scheme_type)
 expect(page).to have_content(specific_scheme.registered_under_care_act)
 expect(page).to have_content(specific_scheme.primary_client_group)
@@ -306,6 +303,24 @@ RSpec.describe SchemesController, type: :request do
 end
 end
 end
+
+ context "when coordinator attempts to see scheme belonging to a parent organisation" do
+ let(:parent_organisation) { FactoryBot.create(:organisation) }
+ let!(:specific_scheme) { FactoryBot.create(:scheme, owning_organisation: parent_organisation) }
+
+ before do
+ create(:organisation_relationship, parent_organisation:, child_organisation: user.organisation)
+ get "/schemes/#{specific_scheme.id}"
+ end
+
+ it "shows the scheme" do
+ expect(page).to have_content(specific_scheme.id_to_display)
+ end
+
+ it "does not allow editing the scheme" do
+ expect(page).not_to have_link("Change")
+ end
+ end
 end
 context "when signed in as a support user" do