diff --git a/cvat/apps/iam/rules/projects.rego b/cvat/apps/iam/rules/projects.rego
index 1aafc077..4f4458d5 100644
--- a/cvat/apps/iam/rules/projects.rego
+++ b/cvat/apps/iam/rules/projects.rego
@@ -88,12 +88,23 @@ filter = [] { # Django Q object to filter list of entries
 utils.is_admin
 utils.is_sandbox
 } else = qobject {
+ utils.is_admin
 utils.is_organization
 qobject := [ {"organization": input.auth.organization.id} ]
 } else = qobject {
 utils.is_sandbox
 user := input.auth.user
- qobject := [ {"owner_id": user.id}, {"assignee_id": user.id}, "|"]
+ qobject := [ {"owner_id": user.id}, {"assignee_id": user.id}, "|" ]
+} else = qobject {
+ utils.is_organization
+ utils.has_perm(utils.USER)
+ organizations.has_perm(organizations.MAINTAINER)
+ qobject := [ {"organization": input.auth.organization.id} ]
+} else = qobject {
+ organizations.has_perm(organizations.WORKER)
+ user := input.auth.user
+ qobject := [ {"owner_id": user.id}, {"assignee_id": user.id}, "|",
+ {"organization": input.auth.organization.id}, "&" ]
 }

 allow {
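Review bot: The final `else` branch (the `organizations.WORKER` one) relies on `organizations.has_perm` alone to establish organization scope, whereas the maintainer branch just above it states `utils.is_organization` and `utils.has_perm(utils.USER)` explicitly. Adding `utils.is_organization` as its first line would stop the tenant check from depending on how that helper, which is not visible here, behaves when `input.auth.organization` is null. Separately, `filter` is now undefined for a caller that matches none of the branches (presumably an organization context without at least the WORKER role), and the first branch uses `[]` to mean "no restriction" for a sandbox admin, so it is worth confirming that the consumer treats an undefined result as "no rows" and does not default it to an empty filter. A comment such as `# (owner OR assignee) AND organization, in postfix order` above the last `qobject` would make the scoping easier to audit. The head of the `filter` rule lies outside the hunk.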