diff --git a/NEWS.md b/NEWS.md
index 3d117e49..07db41ee 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,6 +1,9 @@
 1.16.1 - 2014-mm-dd
 -------------------
 
+Bug fixes:
+ * Returns 401 Unauthorized for queries without permission
+
 New features:
 
  * New header for database host serving the request
diff --git a/app/controllers/app.js b/app/controllers/app.js
index ddab1f55..641060f9 100755
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@@ -590,6 +590,10 @@ function handleException(err, res){
 function getStatusError(err, req) {
     var statusError = _.isUndefined(err.http_status) ? 400 : err.http_status;
 
+    if (err.message && err.message.match(/permission denied/)) {
+        statusError = 401;
+    }
+
     // JSONP has to return 200 status error
     if (req && req.query && req.query.callback) {
         statusError = 200;