diff --git a/Changes b/Changes
index 126cc32e..4aa80c41 100644
--- a/Changes
+++ b/Changes
@@ -5,6 +5,10 @@
   * #371 usernames are case insensitive but case preserving
   * #12 store Cisco PortFast status in device_port_properties:faststart
 
+  [BUG FIXES]
+
+  * access to manual topology for admins without port_control role
+
 2.039017 - 2018-03-20
 
   [BUG FIXES]
diff --git a/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm b/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm
index afe06c04..746d22bc 100644
--- a/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm
+++ b/lib/App/Netdisco/Web/Plugin/AdminTask/Topology.pm
@@ -29,7 +29,7 @@ sub _sanity_ok {
     return 1;
 }
 
-ajax '/ajax/control/admin/topology/add' => require_role port_control => sub {
+ajax '/ajax/control/admin/topology/add' => require_any_role [qw(admin port_control)] => sub {
     send_error('Bad Request', 400) unless _sanity_ok();
 
     my $device = schema('netdisco')->resultset('Topology')
@@ -78,7 +78,7 @@ ajax '/ajax/control/admin/topology/add' => require_role port_control => sub {
     };
 };
 
-ajax '/ajax/control/admin/topology/del' => require_role port_control => sub {
+ajax '/ajax/control/admin/topology/del' => require_any_role [qw(admin port_control)] => sub {
     send_error('Bad Request', 400) unless _sanity_ok();
 
     schema('netdisco')->txn_do(sub {
@@ -129,7 +129,7 @@ ajax '/ajax/control/admin/topology/del' => require_role port_control => sub {
     };
 };
 
-ajax '/ajax/content/admin/topology' => require_role port_control => sub {
+ajax '/ajax/content/admin/topology' => require_any_role [qw(admin port_control)] => sub {
     my $set = schema('netdisco')->resultset('Topology')
       ->search({},{order_by => [qw/dev1 dev2 port1/]});
 
diff --git a/lib/App/Netdisco/Web/PortControl.pm b/lib/App/Netdisco/Web/PortControl.pm
index 4a410430..cf28f4bb 100644
--- a/lib/App/Netdisco/Web/PortControl.pm
+++ b/lib/App/Netdisco/Web/PortControl.pm
@@ -7,7 +7,7 @@ use Dancer::Plugin::Auth::Extensible;
 
 use App::Netdisco::JobQueue qw/jq_insert jq_userlog/;
 
-ajax '/ajax/portcontrol' => require_role port_control => sub {
+ajax '/ajax/portcontrol' => require_any_role [qw(admin port_control)] => sub {
     send_error('No device/port/field', 400)
       unless param('device') and (param('port') or param('field'));