Index: lams_central/web/WEB-INF/web.xml
===================================================================
diff -u -rde884cf8c730a25d2f2296f7a768d3fd45508c99 -r6c25dd12df73e7840338036b707f0d461c4bdcad
--- lams_central/web/WEB-INF/web.xml (.../web.xml) (revision de884cf8c730a25d2f2296f7a768d3fd45508c99)
+++ lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 6c25dd12df73e7840338036b707f0d461c4bdcad)
@@ -690,8 +690,6 @@ AUTHOR - - MONITOR SYSADMIN
Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java
===================================================================
diff -u -rf4621cf27d17389c7437daf00f3c2b833290ca5a -r6c25dd12df73e7840338036b707f0d461c4bdcad
--- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision f4621cf27d17389c7437daf00f3c2b833290ca5a)
+++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision 6c25dd12df73e7840338036b707f0d461c4bdcad)
@@ -25,6 +25,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.security.InvalidParameterException;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -972,7 +973,9 @@
 Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, lessonDTO.getOrganisationID());
 request.setAttribute("notificationsAvailable", organisation.getEnableCourseNotifications());
-request.setAttribute("enableLiveEdit", organisation.getEnableLiveEdit());
+boolean enableLiveEdit = organisation.getEnableLiveEdit() && getUserManagementService()
+ .isUserInRole(user.getUserID(), organisation.getOrganisationId(), Role.AUTHOR);
+request.setAttribute("enableLiveEdit", enableLiveEdit);
 request.setAttribute("lesson", lessonDTO);
 return mapping.findForward("monitorLesson");
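Review bot: The `enableLiveEdit` flag computed on the added lines of the `@@ -972` hunk is decided by `getUserManagementService().isUserInRole(...)`, while the server-side gate this same commit adds in `startLiveEdit` uses `getSecurityService().hasOrgRole(organisationID, userID, new String[] { Role.AUTHOR }, ..., false)`; if the two helpers resolve membership differently (inherited or group roles, sysadmin handling), the monitor page will either show a Live Edit control that the handler then rejects with 403, or hide one the user may use. Deriving the attribute from the same call keeps the UI hint and the enforcement consistent: `boolean enableLiveEdit = organisation.getEnableLiveEdit() && getSecurityService().hasOrgRole(organisation.getOrganisationId(), user.getUserID(), new String[] { Role.AUTHOR }, "monitor lesson", false);`. The `user` the new condition reads, and the enclosing method, are defined outside the hunk, so I cannot confirm it is the session user rather than one chosen by a request parameter; that is worth checking, although the attribute only controls what the page renders and `startLiveEdit` remains the actual access check.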
@@ -1369,7 +1372,20 @@
 public ActionForward startLiveEdit(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws LearningDesignException, UserException, IOException {
 long learningDesignId = WebUtil.readLongParam(request, CentralConstants.PARAM_LEARNING_DESIGN_ID);
+LearningDesign learningDesign = (LearningDesign) getUserManagementService().findById(LearningDesign.class,
+ learningDesignId);
+if (learningDesign.getLessons().isEmpty()) {
+ throw new InvalidParameterException(
+ "There are no lessons associated with learning design: " + learningDesignId);
+}
+Integer organisationID = ((Lesson) learningDesign.getLessons().iterator().next()).getOrganisation()
+ .getOrganisationId();
 Integer userID = getUserId();
+if (!getSecurityService().hasOrgRole(organisationID, userID, new String[] { Role.AUTHOR }, "start live edit",
+ false)) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not an author in the organisation");
+ return null;
+}
 IAuthoringService authoringService = MonitoringServiceProxy .getAuthoringService(getServlet().getServletContext());