diff --git a/backend/dataall/core/permissions/api/resolvers.py b/backend/dataall/core/permissions/api/resolvers.py
index de35d596b..6cbceee12 100644
--- a/backend/dataall/core/permissions/api/resolvers.py
+++ b/backend/dataall/core/permissions/api/resolvers.py
@@ -1,11 +1,5 @@
 import logging
-import os
-
-from dataall.base.aws.sts import SessionHelper
-from dataall.base.aws.parameter_store import ParameterStoreManager
-from dataall.base.db.exceptions import RequiredParameter
-from dataall.core.permissions.services.permission_service import PermissionService
-from dataall.core.permissions.services.tenant_policy_service import TenantPolicyService
+from dataall.core.permissions.services.tenant_policy_service import TenantPolicyService, TenantActionsService
 log = logging.getLogger(__name__)
@@ -26,12 +20,4 @@ def list_tenant_groups(context, source, filter=None):
 def update_ssm_parameter(context, source, name: str = None, value: str = None):
- current_account = SessionHelper.get_account()
- region = os.getenv('AWS_REGION', 'eu-west-1')
- response = ParameterStoreManager.update_parameter(
- AwsAccountId=current_account,
- region=region,
- parameter_name=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/{name}',
- parameter_value=value,
- )
- return response
+ return TenantActionsService.update_monitoring_ssm_parameter(name, value)
diff --git a/backend/dataall/core/permissions/services/tenant_policy_service.py b/backend/dataall/core/permissions/services/tenant_policy_service.py
index d0c953d09..d8096d248 100644
--- a/backend/dataall/core/permissions/services/tenant_policy_service.py
+++ b/backend/dataall/core/permissions/services/tenant_policy_service.py
@@ -9,6 +9,8 @@ from dataall.core.permissions.services.permission_service import PermissionService
 from dataall.core.permissions.db.tenant.tenant_models import Tenant
 from dataall.base.services.service_provider_factory import ServiceProviderFactory
+from dataall.base.aws.sts import SessionHelper
+from dataall.base.aws.parameter_store import ParameterStoreManager
 import logging
 import os
 from functools import wraps
@@ -121,6 +123,26 @@ def validate_permissions(session, tenant_name, g_permissions, group):
 return tenant_group_permissions
+class TenantActionsService:
+ @staticmethod
+ def update_monitoring_ssm_parameter(name, value):
+ # raises UnauthorizedOperation exception, if there is no admin access
+ context = get_context()
+ TenantPolicyValidationService.validate_admin_access(
+ context.username, context.groups, 'UPDATE_SSM_PARAMETER_MONITORING'
+ )
+
+ current_account = SessionHelper.get_account()
+ region = os.getenv('AWS_REGION', 'eu-west-1')
+ response = ParameterStoreManager.update_parameter(
+ AwsAccountId=current_account,
+ region=region,
+ parameter_name=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/{name}',
+ parameter_value=value,
+ )
+ return response
+
+
 class TenantPolicyService:
 TENANT_NAME = 'dataall'
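Review bot: `name` is formatted into the SSM parameter path in `update_monitoring_ssm_parameter` without any check, and the resolver in resolvers.py still declares `name: str = None, value: str = None`, so an omitted argument is rendered as the text `None` and any caller-supplied string becomes part of the parameter name under `/quicksightmonitoring/`. The admin check added at the top restricts who may call the method but not which parameter is written. Before calling `ParameterStoreManager.update_parameter` I would add `if not name or name not in ALLOWED_MONITORING_PARAMETERS:` followed by a raise of a validation error such as the `RequiredParameter` exception the resolver used to import (`ALLOWED_MONITORING_PARAMETERS` is a placeholder; the real key list is not on this page), and reject a `None` value the same way. Logging `context.username` and the parameter name, but not the value, after a successful update would give an audit trail for this admin-only action. `get_context` and `TenantPolicyValidationService` are not among the imports this diff adds, so they are presumably already in scope outside the hunks.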