diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py
index 710f84a60..999ecf8e1 100644
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@@ -212,8 +212,9 @@ class Organization(ApiResource):
         raise NotFound()
 
       model.user.delete_user(org, all_queues)
+      return 'Deleted', 204
 
-    return 'Deleted', 204
+    raise Unauthorized()
 
 
 @resource('/v1/organization/<orgname>/private')
diff --git a/test/test_api_security.py b/test/test_api_security.py
index bd6adc4bb..93240b36e 100644
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@@ -3568,6 +3568,18 @@ class TestOrganizationBuynlarge(ApiTestCase):
   def test_put_devtable(self):
     self._run_test('PUT', 200, 'devtable', {})
 
+  def test_delete_anonymous(self):
+    self._run_test('DELETE', 401, None, {})
+
+  def test_delete_freshuser(self):
+    self._run_test('DELETE', 403, 'freshuser', {})
+
+  def test_delete_reader(self):
+    self._run_test('DELETE', 403, 'reader', {})
+
+  def test_delete_devtable(self):
+    self._run_test('DELETE', 204, 'devtable', {})
+
 
 class TestRepositoryPublicPublicrepo(ApiTestCase):
   def setUp(self):