diff --git a/src/main/java/caosdb/server/resource/ScriptingResource.java b/src/main/java/caosdb/server/resource/ScriptingResource.java
index 81a84ab631d9cd2206fd163b5c64eaac4c967286..43e11cf6fe98d76dcfd0e322573cce34634fa8ce 100644
--- a/src/main/java/caosdb/server/resource/ScriptingResource.java
+++ b/src/main/java/caosdb/server/resource/ScriptingResource.java
@@ -27,6 +27,7 @@ package caosdb.server.resource;
 import caosdb.server.FileSystem;
 import caosdb.server.accessControl.Principal;
 import caosdb.server.accessControl.SessionToken;
+import caosdb.server.accessControl.UserSources;
 import caosdb.server.entity.FileProperties;
 import caosdb.server.entity.Message;
 import caosdb.server.scripting.CallerSerializer;
@@ -82,6 +83,9 @@ public class ScriptingResource extends AbstractCaosDBServerResource {
   @Override
   protected Representation httpPostInChildClass(Representation entity) throws Exception {
 
+    if(isAnonymous()) {
+      throw ServerMessages.AUTHORIZATION_ERROR;
+    }
     MediaType mediaType = entity.getMediaType();
     try {
       if (mediaType.equals(MediaType.MULTIPART_FORM_DATA, true)) {
@@ -201,7 +205,12 @@ public class ScriptingResource extends AbstractCaosDBServerResource {
   public Object generateAuthToken() {
     return SessionToken.generate((Principal) getUser().getPrincipal(), null);
   }
-
+  
+  boolean isAnonymous() {
+    boolean ret = getUser().hasRole(UserSources.ANONYMOUS_ROLE);
+    return ret;
+  }
+  
   public int callScript(
       List<String> commandLine, Integer timeoutMs, List<FileProperties> files, Object authToken)
       throws Message {