Index: lams_central/conf/xdoclet/web-security.xml
===================================================================
diff -u -r9db721b6278cdcb38a07eac5f12e2c14c11a624f -r7ea65fd8530aa1be3338c8dcddde53526816ac7d
--- lams_central/conf/xdoclet/web-security.xml (.../web-security.xml) (revision 9db721b6278cdcb38a07eac5f12e2c14c11a624f)
+++ lams_central/conf/xdoclet/web-security.xml (.../web-security.xml) (revision 7ea65fd8530aa1be3338c8dcddde53526816ac7d)
@@ -61,8 +61,6 @@ AUTHOR - - MONITOR SYSADMIN
Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java
===================================================================
diff -u -rc4c8b58265254ce0f4b8e9b5b7ab2070353bc302 -r7ea65fd8530aa1be3338c8dcddde53526816ac7d
--- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision c4c8b58265254ce0f4b8e9b5b7ab2070353bc302)
+++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision 7ea65fd8530aa1be3338c8dcddde53526816ac7d)
@@ -25,6 +25,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.security.InvalidParameterException;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -1049,7 +1050,9 @@
 Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, lessonDTO.getOrganisationID());
 request.setAttribute("notificationsAvailable", organisation.getEnableCourseNotifications());
- request.setAttribute("enableLiveEdit", organisation.getEnableLiveEdit());
+ boolean enableLiveEdit = organisation.getEnableLiveEdit() && getUserManagementService() .isUserInRole(user.getUserID(), organisation.getOrganisationId(), Role.AUTHOR);
+ request.setAttribute("enableLiveEdit", enableLiveEdit);
 request.setAttribute("enableExportPortfolio", organisation.getEnableExportPortfolio());
 request.setAttribute("lesson", lessonDTO);
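Review bot: The `enableLiveEdit` flag computed here requires both `organisation.getEnableLiveEdit()` and the AUTHOR role, but the server-side guard added to startLiveEdit in the later hunk checks only the role, so an author in an organisation that has Live Edit switched off can still reach startLiveEdit directly; that hunk should load the Organisation for `organisationID` and add `!organisation.getEnableLiveEdit()` to its forbidden condition so the UI flag and the endpoint enforce the same rule. The role is checked through `getUserManagementService().isUserInRole(user.getUserID(), organisation.getOrganisationId(), Role.AUTHOR)` here and through `getSecurityService().hasOrgRole(...)` in startLiveEdit; using the same call in both places keeps the two authorisation rules from drifting apart. `user`, `lessonDTO` and the enclosing method are defined outside this hunk.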
@@ -1459,7 +1462,21 @@
 public ActionForward startLiveEdit(ActionMapping mapping, ActionForm form, HttpServletRequest request,
 HttpServletResponse response) throws LearningDesignException, UserException, IOException {
 long learningDesignId = WebUtil.readLongParam(request, CentralConstants.PARAM_LEARNING_DESIGN_ID);
+
+ LearningDesign learningDesign = (LearningDesign) getUserManagementService().findById(LearningDesign.class,
+ learningDesignId);
+ if (learningDesign.getLessons().isEmpty()) {
+ throw new InvalidParameterException(
+ "There are no lessons associated with learning design: " + learningDesignId);
+ }
+ Integer organisationID = ((Lesson) learningDesign.getLessons().iterator().next()).getOrganisation()
+ .getOrganisationId();
 Integer userID = getUserId();
+ if (!getSecurityService().hasOrgRole(organisationID, userID, new String[] { Role.AUTHOR }, "start live edit",
+ false)) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not an author in the organisation");
+ return null;
+ }
 IAuthoringService authoringService = MonitoringServiceProxy
 .getAuthoringService(getServlet().getServletContext());
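Review bot: The organisation used for the role check is whichever lesson `learningDesign.getLessons().iterator().next()` happens to yield, so if a design is run by lessons in more than one organisation the result of `hasOrgRole` depends on set iteration order rather than on the organisation the caller is acting in. One way to close this is to require AUTHOR in the organisation of every lesson that uses the design, as below; alternatively the lesson the caller started from could be passed as a request parameter and only its organisation checked. `findById` presumably returns null for an unknown id, in which case `learningDesign.getLessons()` throws NullPointerException before the InvalidParameterException is reached — confirm and fold a null check into the same guard. `java.security.InvalidParameterException` is meant for security-provider parameters; the plain `IllegalArgumentException` it extends says the same thing without the misleading package. startLiveEdit continues past the end of the hunk.
```java
// … unchanged: learningDesignId read …
LearningDesign learningDesign = (LearningDesign) getUserManagementService().findById(LearningDesign.class,
        learningDesignId);
if (learningDesign == null || learningDesign.getLessons().isEmpty()) {
    throw new IllegalArgumentException(
            "There are no lessons associated with learning design: " + learningDesignId);
}
Integer userID = getUserId();
// Live edit changes the design for every lesson that runs it, so the caller must be an author
// in each of those organisations, not just in the one the Set happens to iterate first.
for (Object lessonObject : learningDesign.getLessons()) {
    Integer organisationID = ((Lesson) lessonObject).getOrganisation().getOrganisationId();
    if (!getSecurityService().hasOrgRole(organisationID, userID, new String[] { Role.AUTHOR }, "start live edit",
            false)) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not an author in the organisation");
        return null;
    }
}
// … unchanged: authoringService lookup …
```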