diff --git a/apps/common/management/commands/check_api.py b/apps/common/management/commands/check_api.py
index 5dff77a9d..ec48f6976 100644
--- a/apps/common/management/commands/check_api.py
+++ b/apps/common/management/commands/check_api.py
@@ -71,6 +71,7 @@ known_unauth_urls = [
 "/api/v1/authentication/mfa/select/",
 "/api/v1/authentication/mfa/send-code/",
 "/api/v1/authentication/sso/login/"
+ "/api/v1/authentication/user-session/"
 ]
 known_error_urls = [
@@ -91,7 +92,6 @@ class Command(BaseCommand):
 unauth_urls = []
 error_urls = []
 unformat_urls = []
-
 for url, ourl in urls:
 if '(' in url or '<' in url:
 unformat_urls.append([url, ourl])
diff --git a/apps/terminal/permissions.py b/apps/terminal/permissions.py
index 288d839eb..200371cd4 100644
--- a/apps/terminal/permissions.py
+++ b/apps/terminal/permissions.py
@@ -9,7 +9,13 @@ __all__ = ['IsSessionAssignee']
 class IsSessionAssignee(permissions.IsAuthenticated):
 def has_permission(self, request, view):
- return True
+ if not request.user:
+ return False
+ if request.user.is_anonymous:
+ return False
+ if view.action == 'retrieve':
+ return True
+ return False
 def has_object_permission(self, request, view, obj):
 try:
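Review bot: The added `"/api/v1/authentication/user-session/"` entry follows `"/api/v1/authentication/sso/login/"`, which has no trailing comma, so Python joins the two adjacent literals into one string and neither URL ends up as its own element of `known_unauth_urls`. Change the two lines to `"/api/v1/authentication/sso/login/",` and `"/api/v1/authentication/user-session/",`. Judging by its name, the list marks endpoints that are expected to answer without authentication, so a one-line comment on the new entry saying why user-session belongs there would help the next reviewer. The start of the list is outside the hunk.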
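Review bot: The new `has_permission` re-implements the authentication test by hand although the class derives from `permissions.IsAuthenticated`, and it reads `view.action`, which is only set on viewsets. Delegating keeps the check in step with the base class and avoids an AttributeError if the permission is ever attached to a plain APIView: `if not super().has_permission(request, view): return False` followed by `return getattr(view, 'action', None) == 'retrieve'`. A short docstring stating that every action other than `retrieve` is denied at this level, presumably because only object-level access is meant to be decided by `has_object_permission`, would make the deny-by-default intent explicit. The body of `has_object_permission` continues outside the hunk.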