diff --git a/server/routes/scan.js b/server/routes/scan.js
index 6955e9a..b3b2caa 100644
--- a/server/routes/scan.js
+++ b/server/routes/scan.js
@@ -16,7 +16,11 @@ const router = express.Router();
 let scanner = null;
 
 router.get("/", function(req, res/*, next*/) {
-  console.log("Scanning.");
+  console.log("/scan.");
+
+  if (!req.user.maintainer) {
+    return res.status(401).send("Only maintainers can start a scan");
+  }
 
   let responded = false;