diff --git a/app/controllers/lettings_logs_controller.rb b/app/controllers/lettings_logs_controller.rb
index 4cba65332..0194946d4 100644
--- a/app/controllers/lettings_logs_controller.rb
+++ b/app/controllers/lettings_logs_controller.rb
@@ -135,6 +135,8 @@ class LettingsLogsController < LogsController
   end
 
   def download_bulk_upload
+    return render_not_authorized unless current_user.support?
+
     bulk_upload = BulkUpload.find(params[:id])
     downloader = BulkUpload::Downloader.new(bulk_upload:)
 
diff --git a/app/controllers/sales_logs_controller.rb b/app/controllers/sales_logs_controller.rb
index f8648f3ee..d1bbe3bc2 100644
--- a/app/controllers/sales_logs_controller.rb
+++ b/app/controllers/sales_logs_controller.rb
@@ -105,6 +105,8 @@ class SalesLogsController < LogsController
   end
 
   def download_bulk_upload
+    return render_not_authorized unless current_user.support?
+
     bulk_upload = BulkUpload.find(params[:id])
     downloader = BulkUpload::Downloader.new(bulk_upload:)