diff --git a/librarian_server/api/checkin.py b/librarian_server/api/checkin.py
index 5b29b92..452b8dc 100644
--- a/librarian_server/api/checkin.py
+++ b/librarian_server/api/checkin.py
@@ -77,7 +77,11 @@ def modify_transfers_by_id(
             reasons.add("No destination transfer with the appropriate ID was found.")
             continue
 
-        authorized = user.is_admin or (transfer.uploader == user.username)
+        authorized = (
+            user.is_admin
+            or (transfer.source == user.username)
+            or (transfer.uploader == user.username)
+        )
 
         if not authorized:
             unprocessed.append(transfer_id)
@@ -115,7 +119,11 @@ def get_status_by_id(
     for transfer_id in transfer_ids:
         transfer = session.get(transfer_type, transfer_id, with_for_update=True)
 
-        authorized = user.is_admin or (transfer.uploader == user.username)
+        authorized = (
+            user.is_admin
+            or (transfer.source == user.username)
+            or (transfer.uploader == user.username)
+        )
 
         status[transfer_id] = (
             transfer.status if transfer is not None and authorized else None
diff --git a/pyproject.toml b/pyproject.toml
index cebd022..3f2c112 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,7 +14,7 @@ dependencies = [
     "checksumdir",
     "cryptography",
     "fastapi >= 0.108.0",
-    "globus-sdk",
+    "globus-sdk <= 3.40.0",
     "httpx",
     "pydantic >= 2",
     "pydantic-settings >= 2",