diff --git a/src/pretix/api/auth/permission.py b/src/pretix/api/auth/permission.py
index c8bb2529a4..353446df8d 100644
--- a/src/pretix/api/auth/permission.py
+++ b/src/pretix/api/auth/permission.py
@@ -75,7 +75,7 @@ class EventCRUDPermission(EventPermission):
             return False
         elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
             return False
-        elif view.action in ['retrieve', 'update', 'partial_update'] \
+        elif view.action in ['update', 'partial_update'] \
                 and 'can_change_event_settings' not in request.eventpermset:
             return False
 
diff --git a/src/tests/api/test_permissions.py b/src/tests/api/test_permissions.py
index db57921019..4f59915e56 100644
--- a/src/tests/api/test_permissions.py
+++ b/src/tests/api/test_permissions.py
@@ -6,6 +6,7 @@ from django.test import override_settings
 from pretix.base.models import Organizer
 
 event_urls = [
+    (None, ''),
     (None, 'categories/'),
     ('can_view_orders', 'invoices/'),
     (None, 'items/'),