diff --git a/classes/Visualizer/Module/AIBuilder.php b/classes/Visualizer/Module/AIBuilder.php
index b5ad65e5..83334c66 100644
--- a/classes/Visualizer/Module/AIBuilder.php
+++ b/classes/Visualizer/Module/AIBuilder.php
@@ -365,6 +365,9 @@ public function uploadData(): void {
 // ── Database query ────────────────────────────────────────────────
 case 'db_query':
+ if ( ! current_user_can( 'manage_options' ) && ! is_super_admin() ) {
+ wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ), 403 );
+ }
 if ( empty( $_POST['db_query'] ) ) {
 wp_send_json_error( array( 'message' => __( 'No query provided.', 'visualizer' ) ) );
 }
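Review bot: The `! is_super_admin()` half of the new guard under `case 'db_query':` widens the check instead of tightening it. On a single-site install `is_super_admin()` returns true for any user holding `delete_users`, so a custom role with that capability but without `manage_options` still reaches the query path, and on multisite a super admin already passes `current_user_can( 'manage_options' )`. I would gate on the capability alone: `if ( ! current_user_can( 'manage_options' ) ) {`. On multisite, per-site administrators hold `manage_options`, so if the query further down runs against the shared database (not visible here) a network-level capability such as `manage_network` may be the safer gate; worth confirming. `uploadData()` starts and continues outside this hunk, so whether a nonce is verified before the switch cannot be seen from here.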