diff --git a/src/app/api/expenses/[id]/documented/route.ts b/src/app/api/expenses/[id]/documented/route.ts
index 2127d79..faedd22 100644
--- a/src/app/api/expenses/[id]/documented/route.ts
+++ b/src/app/api/expenses/[id]/documented/route.ts
@@ -27,7 +27,7 @@ export async function POST(request: Request, { params }: Context) {
 }
 if (!canDocumentExpense(viewer.role)) {
- return NextResponse.json({ error: "Nur Vorstand allgemein oder AG Finanzen duerfen dokumentieren." }, { status: 403 });
+ return NextResponse.json({ error: "Nur Vorstand allgemein, AG Orga oder AG Finanzen duerfen dokumentieren." }, { status: 403 });
 }
 const expense = await prisma.expense.findUnique({
diff --git a/src/app/api/expenses/[id]/paid/route.ts b/src/app/api/expenses/[id]/paid/route.ts
index 3857b50..dd5801b 100644
--- a/src/app/api/expenses/[id]/paid/route.ts
+++ b/src/app/api/expenses/[id]/paid/route.ts
@@ -20,7 +20,7 @@ export async function POST(_: Request, { params }: Context) {
 }
 if (!canMarkPaid(viewer.role)) {
- return NextResponse.json({ error: "Nur Vorstand allgemein oder AG Finanzen duerfen Bezahlt setzen." }, { status: 403 });
+ return NextResponse.json({ error: "Nur Vorstand allgemein, AG Orga oder AG Finanzen duerfen Bezahlt setzen." }, { status: 403 });
 }
 const expense = await prisma.expense.findUnique({
diff --git a/src/lib/domain.ts b/src/lib/domain.ts
index 36f1288..2396836 100644
--- a/src/lib/domain.ts
+++ b/src/lib/domain.ts
@@ -69,11 +69,11 @@ export function canManageUsers(role: AppRole) {
 }
 export function canMarkPaid(role: AppRole) {
- return role === "BOARD" || role === "FINANCE";
+ return canDocumentExpense(role);
 }
 export function canDocumentExpense(role: AppRole) {
- return role === "BOARD" || role === "FINANCE";
+ return role === "BOARD" || role === "ORGA" || role === "FINANCE";
 }
 export function canCreateExpenseForGroup(role: AppRole, viewerGroupId: string | null, targetGroupId: string) {
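Review bot: In the src/lib/domain.ts hunk, `canMarkPaid` now returns `canDocumentExpense(role)`, which ties the right to mark an expense as paid to the right to document it, so any later change to the documenting roles silently changes who can set Paid as well. These are two separate privileges in the payment workflow, and I would keep the payment check explicit with `return role === "BOARD" || role === "ORGA" || role === "FINANCE";`, or have both predicates read one named role list. The commit also gives ORGA both rights at once; if documenting and marking paid are meant to be a two-person control, that is worth confirming before merge. The 403 messages in the two route files repeat the role list by hand and can drift from these predicates, so a small per-role test of both functions would pin the intended matrix.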