diff --git a/app/controllers/families_controller.rb b/app/controllers/families_controller.rb
index 5ce52f56..c0ccade3 100644
--- a/app/controllers/families_controller.rb
+++ b/app/controllers/families_controller.rb
@@ -77,6 +77,8 @@ class FamiliesController < ApplicationController
   end
 
   def update_location_sharing
+    authorize @family, :update_location_sharing?
+
     result = Families::UpdateLocationSharing.new(
       user: current_user,
       enabled: params[:enabled],
diff --git a/app/policies/family_policy.rb b/app/policies/family_policy.rb
index b644de53..882aab13 100644
--- a/app/policies/family_policy.rb
+++ b/app/policies/family_policy.rb
@@ -34,6 +34,10 @@ class FamilyPolicy < ApplicationPolicy
     user.family == record && user.family_owner?
   end
 
+  def update_location_sharing?
+    user.family == record && user.family_owner?
+  end
+
   private
 
   def family_owner_with_members?