diff --git a/html/includes/common/worldmap.inc.php b/html/includes/common/worldmap.inc.php
index f6ba921a4c..03a3b96030 100644
--- a/html/includes/common/worldmap.inc.php
+++ b/html/includes/common/worldmap.inc.php
@@ -51,7 +51,26 @@ var greenMarker = L.AwesomeMarkers.icon({
 });
 ';
-foreach (dbFetchRows("SELECT `device_id`,`hostname`,`os`,`status`,`lat`,`lng` FROM `devices` LEFT JOIN `locations` ON `devices`.`location`=`locations`.`location` WHERE `disabled`=0 AND `ignore`=0 AND `lat` != '' AND `lng` != '' ORDER BY `status` ASC, `hostname`") as $map_devices) {
+// Checking user permissions
+if (is_admin() || is_read()) {
+// Admin or global read-only - show all devices
+ $sql = "SELECT `device_id`,`hostname`,`os`,`status`,`lat`,`lng` FROM `devices`
+ LEFT JOIN `locations` ON `devices`.`location`=`locations`.`location`
+ WHERE `disabled`=0 AND `ignore`=0 AND `lat` != '' AND `lng` != ''
+ ORDER BY `status` ASC, `hostname`";
+}
+else {
+// Normal user - grab devices that user has permissions to
+ $sql = "SELECT `devices`.`device_id` as `device_id`,`hostname`,`os`,`status`,`lat`,`lng`
+ FROM `devices_perms`, `devices`
+ LEFT JOIN `locations` ON `devices`.`location`=`locations`.`location`
+ WHERE `disabled`=0 AND `ignore`=0 AND `lat` != '' AND `lng` != ''
+ AND `devices`.`device_id` = `devices_perms`.`device_id`
+ AND `devices_perms`.`user_id` = '".$_SESSION['user_id']."'
+ ORDER BY `status` ASC, `hostname`";
+}
+// Slightly modified foreach - grabbing SQL query string from above
+foreach (dbFetchRows($sql) as $map_devices) {
 $icon = 'greenMarker';
 if ($map_devices['status'] == 0) {
 $icon = 'redMarker';
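Review bot: The non-admin branch builds its query by concatenating `$_SESSION['user_id']` straight into the SQL string (the condition on devices_perms.user_id), so the query is only safe as long as that session value is always a clean integer. Bind it instead: put a `?` placeholder in that condition, set `$param = array($_SESSION['user_id']);` in the else branch and `$param = array();` in the admin branch, and call `foreach (dbFetchRows($sql, $param) as $map_devices) {`. This assumes dbFetchRows() takes a parameter array as its second argument, which should be confirmed since its definition is not visible here. The same branch mixes a comma join (`FROM devices_perms, devices`) with `LEFT JOIN`, which parses only because `devices` is listed last; an explicit `JOIN ... ON` on `device_id` would be less fragile. The foreach body continues past the end of the hunk.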