diff --git a/CHANGES b/CHANGES
index 24721e3ec..99d9ac4d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2846,4 +2846,5 @@
 * docker: use system dns for app containers
 * logs: show error message in UI when log rotated
 * unbound: prefer ip4 for dns queries (only on ubuntu 24 and above)
+* apps: allow operators to update apps
 
diff --git a/dashboard/src/js/client.js b/dashboard/src/js/client.js
index 987b3b86e..20bd685a8 100644
--- a/dashboard/src/js/client.js
+++ b/dashboard/src/js/client.js
@@ -1400,8 +1400,6 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
     };
 
     Client.prototype.getUpdateInfo = function (callback) {
-        if (!this._userInfo.isAtLeastAdmin) return callback(new Error('Not allowed'));
-
         get('/api/v1/updater/updates', null, function (error, data, status) {
             if (error) return callback(error);
             if (status !== 200) return callback(new ClientError(status, data));
@@ -2644,9 +2642,10 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
         this.config(function (error, result) {
             if (error) return callback(error);
 
-            that.getUpdateInfo(function (error, info) { // note: non-admin users may get access denied for this
-                if (!error) result.update = info.update; // attach update information to config object
+            that.getUpdateInfo(function (error, info) {
+                if (error) return callback(error);
 
+                result.update = info.update;
                 that.setConfig(result);
                 callback(null);
             });
diff --git a/src/server.js b/src/server.js
index 309f154b7..5f47744af 100644
--- a/src/server.js
+++ b/src/server.js
@@ -129,7 +129,7 @@ async function initializeExpressSync() {
     router.get ('/api/v1/eventlog/:eventId',                       token, authorizeAdmin, routes.eventlog.get);
 
     // updater
-    router.get ('/api/v1/updater/updates',                        token, authorizeAdmin, routes.updater.getUpdateInfo);
+    router.get ('/api/v1/updater/updates',                        token,  authorizeUser, routes.updater.getUpdateInfo);
     router.post('/api/v1/updater/update',                   json, token, authorizeAdmin, routes.updater.update);
     router.post('/api/v1/updater/check_for_updates',        json, token, authorizeAdmin, routes.updater.checkForUpdates);
     router.get ('/api/v1/updater/autoupdate_pattern',             token, authorizeAdmin, routes.updater.getAutoupdatePattern);