diff --git a/server/models/campaigns.js b/server/models/campaigns.js
index 1141bdbf..ffe4351e 100644
--- a/server/models/campaigns.js
+++ b/server/models/campaigns.js
@@ -68,7 +68,6 @@ function hash(entity, content) {
 }
 
 async function _listDTAjax(context, namespaceId, channelId, params) {
-    shares.enforceGlobalPermission(context, 'manageCampaigns');
     return await dtHelpers.ajaxListWithPermissions(
         context,
         [{ entityTypeId: 'campaign', requiredOperations: ['view'] }],
@@ -103,7 +102,6 @@ async function listByChannelDTAjax(context, channelId, params) {
 }
 
 async function listChildrenDTAjax(context, campaignId, params) {
-    shares.enforceGlobalPermission(context, 'manageCampaigns');
     return await dtHelpers.ajaxListWithPermissions(
         context,
         [{ entityTypeId: 'campaign', requiredOperations: ['view'] }],
@@ -117,7 +115,6 @@ async function listChildrenDTAjax(context, campaignId, params) {
 
 
 async function listWithContentDTAjax(context, params) {
-    shares.enforceGlobalPermission(context, 'manageCampaigns');
     return await dtHelpers.ajaxListWithPermissions(
         context,
         [{ entityTypeId: 'campaign', requiredOperations: ['view'] }],
@@ -130,7 +127,6 @@ async function listWithContentDTAjax(context, params) {
 }
 
 async function listOthersWhoseListsAreIncludedDTAjax(context, campaignId, listIds, params) {
-    shares.enforceGlobalPermission(context, 'manageCampaigns');
     return await dtHelpers.ajaxListWithPermissions(
         context,
         [{ entityTypeId: 'campaign', requiredOperations: ['view'] }],
@@ -144,7 +140,6 @@ async function listOthersWhoseListsAreIncludedDTAjax(context, campaignId, listId
 }
 
 async function listTestUsersDTAjax(context, campaignId, params) {
-    shares.enforceGlobalPermission(context, 'manageCampaigns');
     return await knex.transaction(async tx => {
         await shares.enforceEntityPermissionTx(tx, context, 'campaign', campaignId, 'view');
 
diff --git a/server/models/lists.js b/server/models/lists.js
index 3c43d34b..22236652 100644
--- a/server/models/lists.js
+++ b/server/models/lists.js
@@ -68,6 +68,7 @@ async function listByNamespaceDTAjax(context, namespaceId, params) {
 }
 
 async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
+    await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
     return await dtHelpers.ajaxListWithPermissions(
         context,
         [{ entityTypeId: 'list', requiredOperations: ['view'] }],
diff --git a/server/models/shares.js b/server/models/shares.js
index 8ec70f51..5be62d47 100644
--- a/server/models/shares.js
+++ b/server/models/shares.js
@@ -9,7 +9,6 @@ const interoperableErrors = require('../../shared/interoperable-errors');
 const log = require('../lib/log');
 const {getGlobalNamespaceId} = require('../../shared/namespaces');
 const {getAdminId} = require('../../shared/users');
-const { tUI } = require('../lib/translate');
 
 
 // TODO: This would really benefit from some permission cache connected to rebuildPermissions
@@ -451,7 +450,7 @@ async function regenerateRoleNamesTable() {
 
 
 function throwPermissionDenied() {
-    throw new interoperableErrors.PermissionDeniedError(tUI('permissionDenied', config.defaultLanguage));
+    throw new interoperableErrors.PermissionDeniedError('Permission denied');
 }
 
 async function removeDefaultShares(tx, user) {