diff --git a/server/api/collections.test.js b/server/api/collections.test.js
index aab3fe44..529661be 100644
--- a/server/api/collections.test.js
+++ b/server/api/collections.test.js
@@ -284,7 +284,7 @@ describe("#collections.export", () => {
       createdById: user.id,
       collectionId: collection.id,
       userId: user.id,
-      permission: "read",
+      permission: "read_write",
     });
 
     const res = await server.post("/api/collections.export", {
@@ -305,7 +305,7 @@ describe("#collections.export", () => {
     await group.addUser(user, { through: { createdById: user.id } });
 
     await collection.addGroup(group, {
-      through: { permission: "read", createdById: user.id },
+      through: { permission: "read_write", createdById: user.id },
     });
 
     const res = await server.post("/api/collections.export", {
diff --git a/server/policies/collection.js b/server/policies/collection.js
index 87b1a623..3f8efc91 100644
--- a/server/policies/collection.js
+++ b/server/policies/collection.js
@@ -25,7 +25,7 @@ allow(User, "move", Collection, (user, collection) => {
   throw new AdminRequiredError();
 });
 
-allow(User, ["read", "export"], Collection, (user, collection) => {
+allow(User, "read", Collection, (user, collection) => {
   if (!collection || user.teamId !== collection.teamId) return false;
 
   if (!collection.permission) {
@@ -47,7 +47,7 @@ allow(User, ["read", "export"], Collection, (user, collection) => {
   return true;
 });
 
-allow(User, "share", Collection, (user, collection) => {
+allow(User, ["share", "export"], Collection, (user, collection) => {
   if (user.isViewer) return false;
   if (!collection || user.teamId !== collection.teamId) return false;
   if (!collection.sharing) return false;
diff --git a/server/policies/collection.test.js b/server/policies/collection.test.js
index 0d85b779..e746a2aa 100644
--- a/server/policies/collection.test.js
+++ b/server/policies/collection.test.js
@@ -59,7 +59,7 @@ describe("read permission", () => {
     });
     const abilities = serialize(user, collection);
     expect(abilities.read).toEqual(true);
-    expect(abilities.export).toEqual(true);
+    expect(abilities.export).toEqual(false);
     expect(abilities.update).toEqual(false);
     expect(abilities.share).toEqual(false);
   });