diff --git a/src/Foundation/Authorization.hs b/src/Foundation/Authorization.hs
index 76134e3e6..a51d4487f 100644
--- a/src/Foundation/Authorization.hs
+++ b/src/Foundation/Authorization.hs
@@ -1863,6 +1863,28 @@ routeAuthTags = fmap predDNFEntail . ofoldM parse defaultAuthDNF . routeAttrs
       Just t' -> Right . predDNFOr prev . PredDNF $ Set.singleton t'
       Nothing -> Left $ InvalidAuthTag t
 
+broadenRoute :: AuthTag -> Route UniWorX -> Route UniWorX
+broadenRoute aTag route = case (aTag, route) of
+  (AuthAdmin, CourseR tid ssh csh _) -> CourseR tid ssh csh CShowR
+  (AuthAdmin, AllocationR tid ssh ash _) -> AllocationR tid ssh ash AShowR
+  (AuthAdmin, SchoolR ssh _) -> SchoolR ssh SchoolEditR
+  (AuthAdmin, _) -> NewsR
+
+  (AuthStudent, _) -> NewsR
+
+  (AuthExamOffice, CExamR tid ssh csh examn _) -> CExamR tid ssh csh examn EShowR
+  (AuthExamOffice, EExamR tid ssh coursen examn _) -> EExamR tid ssh coursen examn EEShowR
+  (AuthExamOffice, CourseR _ ssh _ _) -> SchoolR ssh SchoolEditR
+  (AuthExamOffice, SchoolR ssh _) -> SchoolR ssh SchoolEditR
+  (AuthExamOffice, _) -> NewsR
+
+  (AuthLecturer, CourseR tid ssh csh _) -> CourseR tid ssh csh CShowR
+  (AuthLecturer, AllocationR tid ssh ash _) -> AllocationR tid ssh ash AShowR
+  (AuthLecturer, EExamR tid ssh coursen examn _) -> EExamR tid ssh coursen examn EEShowR
+  (AuthLecturer, _) -> NewsR
+
+  _other -> route
+
 evalAuthTags :: forall ctx m. (HasCallStack, Binary ctx, MonadAP m) => ctx -> AuthTagActive -> (forall m'. MonadAP m' => AuthTagsEval m') -> AuthTagsEval m
 -- ^ `tell`s disabled predicates, identified as pivots
 evalAuthTags ctx authActive@AuthTagActive{..} cont (map (Set.toList . toNullable) . Set.toList . dnfTerms -> authDNF') mAuthId route isWrite
@@ -1876,8 +1898,9 @@ evalAuthTags ctx authActive@AuthTagActive{..} cont (map (Set.toList . toNullable
         authTagIsInactive = not . authTagIsActive
 
         evalAuthTag :: AuthTag -> WriterT (Set AuthTag) m AuthResult
-        evalAuthTag authTag = lift . ($runCachedMemoT :: CachedMemoT (ctx, AuthTag, Maybe UserId, Route UniWorX, Bool) AuthResult m _ -> m _) $ for5 memo (const evalAccessPred') ctx authTag mAuthId route isWrite
+        evalAuthTag authTag = lift . ($runCachedMemoT :: CachedMemoT (ctx, AuthTag, Maybe UserId, Route UniWorX, Bool) AuthResult m _ -> m _) $ for5 memo (const evalAccessPred') ctx authTag mAuthId route'' isWrite
           where
+            route'' = broadenRoute authTag route
             evalAccessPred' authTag' mAuthId' route' isWrite' = lift $ do
               $logDebugS "evalAccessPred" $ tshow (authTag', mAuthId', route', isWrite')
               observeAuthTagEvaluation authTag' (classifyHandler route') $ do