diff --git a/lib/Ravada.pm b/lib/Ravada.pm
index fe64f8390..70d10719d 100644
--- a/lib/Ravada.pm
+++ b/lib/Ravada.pm
@@ -4978,9 +4978,14 @@ sub _cmd_remove_base {
     my $user = Ravada::Auth::SQL->search_by_id( $uid);
 
     my $domain = $self->search_domain_by_id($id_domain);
-
     die "Unknown domain id '$id_domain'\n" if !$domain;
 
+    die "User ".$user->name." [".$user->id."] not allowed to remove base "
+                .$domain->name."\n"
+            unless $user->is_admin || (
+                $domain->id_owner == $user->id && $user->can_create_base());
+
+
     $domain->remove_base($user);
 
 }
diff --git a/t/user/20_grants.t b/t/user/20_grants.t
index 55e119e38..41f952a58 100644
--- a/t/user/20_grants.t
+++ b/t/user/20_grants.t
@@ -957,11 +957,11 @@ sub test_view_all($vm) {
     wait_request( check_error => 0, debug => 0);
     for my $req ($req_prepare, $req_remove_base, $req_shutdown) {
         is($req->status,'done');
-        like($req->error,qr'User.* (can.t |not allowed)', $req->command);
+        like($req->error,qr'User.* (can.t |not allowed)', $req->command)
+            or exit;
     }
     for my $req ( $req_start_admin, $req_prepare_admin, $req_start
     ,$req_refresh, $req_refresh_ports) {
-        diag($req->command);
         is($req->status,'done');
         next if $req->command =~ /refresh_machine_ports/i;
         is($req->error,'', $req->command) or exit;