diff --git a/CHANGELOG b/CHANGELOG
index 24e4739f5f..cc0f51ad1d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -21,6 +21,8 @@ v3.3.3 (XXXX-XX-XX)
 
 * UI: optimized login view for very small screen sizes
 
+* issue #4222: Permission error preventing AQL query import / export on webui
+
 * UI: optimized error messages for invalid query bind parameter
 
 * UI: upgraded swagger ui to version 3.9.0
diff --git a/arangod/V8Server/v8-users.cpp b/arangod/V8Server/v8-users.cpp
index 8c1f71c65d..1d579b138f 100644
--- a/arangod/V8Server/v8-users.cpp
+++ b/arangod/V8Server/v8-users.cpp
@@ -189,13 +189,15 @@ static void JS_GetUser(v8::FunctionCallbackInfo<v8::Value> const& args) {
   if (args.Length() < 1 || !args[0]->IsString()) {
     TRI_V8_THROW_EXCEPTION_USAGE("document(username)");
   }
-  if (!IsAdminUser()) {
+
+  std::string username = TRI_ObjectToString(args[0]);
+
+  if (!CanAccessUser(username)) {
     TRI_V8_THROW_EXCEPTION(TRI_ERROR_FORBIDDEN);
   }
 
   auto authentication =
       FeatureCacheFeature::instance()->authenticationFeature();
-  std::string username = TRI_ObjectToString(args[0]);
   VPackBuilder result = authentication->authInfo()->serializeUser(username);
   if (!result.isEmpty()) {
     TRI_V8_RETURN(TRI_VPackToV8(isolate, result.slice()));