diff --git a/controller/controller.go b/controller/controller.go
index 931c38756707459c3d402250b8f41c991cb328b8..cb853c45d6b94fc97552340672830dfad5706de3 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -106,7 +106,7 @@ func startGrpc() error {
 	log.Infof("listening to %v", lislisten.Addr())
 
 	jwtManager := rbacImpl.NewJWTManager(config.JWTSecret, config.JWTDuration)
-	setupGRPCServerWithCorrectSecurityLevel(jwtManager)
+	setupGRPCServerWithCorrectSecurityLevel(jwtManager, c.userService, c.roleService)
 
 	c.nbi = nbi.NewNBI(c.pndStore, c.userService, c.roleService, *jwtManager)
 
@@ -286,13 +286,13 @@ func callback(id uuid.UUID, ch chan device.Details) {
 // This allows users to operate on the controller without any authentication/authorization,
 // but they could still login if they want to.
 // Use insecure only for testing purposes and with caution.
-func setupGRPCServerWithCorrectSecurityLevel(jwt *rbacImpl.JWTManager) {
+func setupGRPCServerWithCorrectSecurityLevel(jwt *rbacImpl.JWTManager, userService rbac.UserService, roleService rbac.RoleService) {
 	securityLevel := viper.GetString("security")
 	if securityLevel == "insecure" {
 		c.grpcServer = grpc.NewServer()
 		log.Info("set up grpc server in insecure mode")
 	} else {
-		interceptor := server.NewAuthInterceptor(jwt)
+		interceptor := server.NewAuthInterceptor(jwt, userService, roleService)
 		c.grpcServer = grpc.NewServer(grpc.UnaryInterceptor(interceptor.Unary()), grpc.StreamInterceptor(interceptor.Stream()))
 		log.Info("set up grpc server in secure mode")
 	}