diff --git a/src/gisaf/geoapi.py b/src/gisaf/geoapi.py
index 5c6328e..cb75887 100644
--- a/src/gisaf/geoapi.py
+++ b/src/gisaf/geoapi.py
@@ -90,7 +90,7 @@ async def get_geojson(store_name,
         model = registry.stores.loc[store_name].model
     except KeyError:
         raise HTTPException(status.HTTP_404_NOT_FOUND)
-    if hasattr(model, 'viewable_role'):
+    if getattr(model, 'viewable_role', None):
         if not(user and user.can_view(model)):
             username = user.username if user else "Anonymous"
             logger.info(f'{username} tried to access {model}')
diff --git a/src/gisaf/models/authentication.py b/src/gisaf/models/authentication.py
index 7d4cbea..ff07b93 100644
--- a/src/gisaf/models/authentication.py
+++ b/src/gisaf/models/authentication.py
@@ -32,8 +32,9 @@ class User(UserBase, table=True):
     password: str | None = None
 
     def can_view(self, model) -> bool:
-        if hasattr(model, 'viewable_role'):
-            return model.viewable_role in (role.name for role in self.roles)
+        viewable_role = getattr(model, 'viewable_role', None)
+        if viewable_role:
+            return viewable_role in (role.name for role in self.roles)
         else:
             return True