diff --git a/ckanext/odsh/logic/auth.py b/ckanext/odsh/logic/auth.py
index d3b3b2a9b0c83a82330cba904950d90a80a2e849..1bac994df89c7c235aa9fb979ffb1c2ff959d7b5 100644
--- a/ckanext/odsh/logic/auth.py
+++ b/ckanext/odsh/logic/auth.py
@@ -24,6 +24,10 @@ def allow_sysadmin_only(original_auth_function):
 def user_list(context, data_dict):
     pass
 
+@allow_sysadmin_only(get.user_activity_list)
+def user_activity_list(context, data_dict):
+    pass
+
 @allow_sysadmin_only(update.user_update)
 def user_update(context, data_dict):
     pass
@@ -39,6 +43,7 @@ def user_invite(context, data_dict):
 def get_auth_functions():
     return {
         "user_list": user_list,
+        "user_activity_list": user_activity_list,
         "user_update": user_update,
         "user_create": user_create,
         "user_invite": user_invite,
diff --git a/ckanext/odsh/tests_tpsh/test_auth.py b/ckanext/odsh/tests_tpsh/test_auth.py
index 0c2e0e895520d5c05ab54cd62425f67dd64dcc78..a3a2676849fc82ef0abc7fc1a8a72a4e99430c6e 100644
--- a/ckanext/odsh/tests_tpsh/test_auth.py
+++ b/ckanext/odsh/tests_tpsh/test_auth.py
@@ -22,6 +22,11 @@ class TestAuthorization:
         response = app.get(url)
         assert response.status_code == 403
         assert "Zugriff nicht erlaubt" in response
+
+        url = url_for("user.activity", id=username)
+        response = app.get(url)
+        assert response.status_code == 500
+
     
     def test_user_actions_not_accessible_by_regular_user(self):
         def assert_not_authorized(action, context, data_dict):
@@ -36,6 +41,7 @@ class TestAuthorization:
         assert_not_authorized("user_delete", {"user": username}, {"id": username})
         assert_not_authorized("user_create", {"user": username}, {"name": "foo"})
         assert_not_authorized("user_invite", {"user": username}, {})
+        assert_not_authorized("user_activity_list", {"user": username}, {"id": username})
     
     def test_user_list_accessible_for_sysadmin(self):
         adminuser = factories.Sysadmin()