diff --git a/packages/api/src/utility/hasPermission.js b/packages/api/src/utility/hasPermission.js
index 46ae1d1cb..d8c7d15bc 100644
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@@ -9,7 +9,8 @@ function hasPermission(tested, req) {
     return true;
   }
   const { user } = (req && req.auth) || {};
-  const key = user || '';
+  const { login } = (process.env.OAUTH_PERMISSIONS && req && req.user) || {};
+  const key = user || login || '';
   const logins = getLogins();
 
   if (!userPermissions[key]) {
@@ -39,7 +40,7 @@ function getLogins() {
       permissions: process.env.PERMISSIONS,
     });
   }
-  if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {
+  if (process.env.LOGINS) {
     const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
     for (const login of logins) {
       const password = process.env[`LOGIN_PASSWORD_${login}`];
@@ -51,13 +52,14 @@ function getLogins() {
           permissions,
         });
       }
-      if (process.env.OAUTH_PERMISSIONS) {
-        res.push({
-          login,
-          password: null,
-          permissions,
-        })
-      }
+    }
+  }
+  else if (process.env.OAUTH_PERMISSIONS) {
+    const login_permission_keys = Object.keys(process.env).filter((key) => _.startsWith(key, 'LOGIN_PERMISSIONS_'))
+    for (const permissions_key of login_permission_keys) {
+      const login = permissions_key.replace('LOGIN_PERMISSIONS_', '');
+      const permissions = process.env[permissions_key];
+      userPermissions[login] = compilePermissions(permissions);
     }
   }