diff --git a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
index 3f8c85ce..6a07a41e 100644
--- a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
+++ b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
@@ -127,7 +127,7 @@ public async Task<ActionResult<CustomerOrderSearchResult>> SearchCustomerOrder([
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
 
             var result = await _searchService.SearchAsync(criteria);
@@ -152,7 +152,7 @@ public async Task<ActionResult<CustomerOrder>> GetByNumber(string number, [Swagg
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
             var result = await _searchService.SearchAsync(searchCriteria);
 
@@ -177,7 +177,7 @@ public async Task<ActionResult<CustomerOrder>> GetById(string id, [SwaggerOption
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
             var result = await _searchService.SearchAsync(searchCriteria);
 
@@ -254,7 +254,7 @@ public async Task<ActionResult<ProcessPaymentRequestResult>> ProcessOrderPayment
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, customerOrder, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
 
             var inPayment = customerOrder.InPayments.FirstOrDefault(x => x.Id == paymentId);
@@ -374,7 +374,7 @@ public async Task<ActionResult> UpdateOrder([FromBody] CustomerOrder customerOrd
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
 
             var validationResult = await ValidateAsync(customerOrder);
@@ -488,7 +488,7 @@ public async Task<ActionResult> DeleteOrdersByIds([FromQuery] string[] ids)
                 }
             }
 
-            return unauthorizedRequest ? Unauthorized() : NoContent();
+            return unauthorizedRequest ? Forbid() : NoContent();
         }
 
         /// <summary>
@@ -647,7 +647,7 @@ public async Task<ActionResult<OperationLog[]>> GetOrderChanges(string id)
                 var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
                 if (!authorizationResult.Succeeded)
                 {
-                    return Unauthorized();
+                    return Forbid();
                 }
 
                 //Load general change log for order
@@ -685,7 +685,7 @@ public async Task<ActionResult<ChangeLogSearchResult>> SearchOrderChanges([FromB
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
 
             //Load general change log for order
diff --git a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
index b5a85064..f2e94ef2 100644
--- a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
+++ b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
@@ -57,7 +57,7 @@ public async Task<ActionResult<PaymentSearchResult>> SearchOrderPayments([FromBo
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
 
             var result = await _paymentSearchService.SearchAsync(criteria);
@@ -81,7 +81,7 @@ public async Task<ActionResult<PaymentIn>> GetById(string id, [SwaggerOptional][
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
             var result = await _paymentSearchService.SearchAsync(searchCriteria);
 
@@ -112,7 +112,7 @@ public async Task<ActionResult<CustomerOrder>> CreatePayment([FromBody] PaymentI
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, customerOrder, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
             var validationResult = await ValidateAsync(payment);
             if (!validationResult.IsValid)
@@ -151,7 +151,7 @@ public async Task<ActionResult> DeleteOrderPaymentsByIds([FromQuery] string[] id
             var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
             if (!authorizationResult.Succeeded)
             {
-                return Unauthorized();
+                return Forbid();
             }
             var result = await _paymentSearchService.SearchAsync(searchCriteria);
             await _paymentService.DeleteAsync(result.Results.Select(x => x.Id).ToArray());