diff --git a/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts b/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts
index e2ef3a70..ed30ef51 100644
--- a/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts
+++ b/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts
@@ -31,21 +31,16 @@ export default async function handle(
 const userId = (session.user as CustomUser).id;
 try {
- const team = await prisma.team.findUnique({
+ const teamAccess = await prisma.userTeam.findUnique({
 where: {
- id: teamId,
- users: {
- some: {
- userId: (session.user as CustomUser).id,
- },
+ userId_teamId: {
+ userId: userId,
+ teamId: teamId,
 },
 },
- select: {
- id: true,
- },
 });
- if (!team) {
+ if (!teamAccess) {
 return res.status(403).end("Unauthorized to access this team");
 }
@@ -109,19 +104,16 @@ export default async function handle(
 const userId = (session.user as CustomUser).id;
 try {
- const team = await prisma.team.findFirst({
+ const teamAccess = await prisma.userTeam.findUnique({
 where: {
- id: teamId,
- users: {
- some: {
- userId: userId,
- },
+ userId_teamId: {
+ userId: userId,
+ teamId: teamId,
 },
 },
 });
-
- if (!team) {
- return res.status(401).end("Unauthorized");
+ if (!teamAccess) {
+ return res.status(403).end("Unauthorized to access this team");
 }
 const group = await prisma.viewerGroup.update({
@@ -172,6 +164,19 @@ export default async function handle(
 const userId = (session.user as CustomUser).id;
 try {
+ const teamAccess = await prisma.userTeam.findUnique({
+ where: {
+ userId_teamId: {
+ userId: userId,
+ teamId: teamId,
+ },
+ },
+ });
+
+ if (!teamAccess) {
+ return res.status(401).end("Unauthorized");
+ }
+
 // delete links associated with the group
 await prisma.link.deleteMany({
 where: {
@@ -185,6 +190,7 @@ export default async function handle(
 where: {
 id: groupId,
 dataroomId: dataroomId,
+ teamId: teamId,
 },
 });
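Review bot: The membership check in the second hunk (`-109,19 +104,16`) establishes only that the caller belongs to `teamId`; the `prisma.viewerGroup.update({` call starts on the hunk's last line, so its `where` is not visible here. If that filter matches on the group and dataroom ids alone, the request could still modify a group that belongs to a different team than the one the caller was checked against. The last hunk adds `teamId: teamId,` to the delete's `where`; the update here, and the read that follows the check in the first hunk, should carry the same line.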
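Review bot: In the third hunk (`-172,6 +164,19`), `prisma.link.deleteMany` still runs before anything ties `groupId` to the caller's team: the new check covers membership in `teamId`, and the team-scoped `viewerGroup.delete` in the next hunk only runs afterwards. The `deleteMany` filter is cut off by the hunk, so this is hedged, but if it matches on the group id alone, the links are already gone by the time the group delete rejects the request. Look the group up first with `where: { id: groupId, dataroomId: dataroomId, teamId: teamId }` and return 404 when it is missing, or run both deletes inside `prisma.$transaction`. The new branch also answers `401` with "Unauthorized" while the two handlers above now use `return res.status(403).end("Unauthorized to access this team");`.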
diff --git a/prisma/migrations/20251209000000_update_view_model/migration.sql b/prisma/migrations/20251209000000_update_view_model/migration.sql
new file mode 100644
index 00000000..a050b6be
--- /dev/null
+++ b/prisma/migrations/20251209000000_update_view_model/migration.sql
@@ -0,0 +1,6 @@
+-- DropForeignKey
+ALTER TABLE "View" DROP CONSTRAINT "View_linkId_fkey";
+
+-- AddForeignKey
+ALTER TABLE "View" ADD CONSTRAINT "View_linkId_fkey" FOREIGN KEY ("linkId") REFERENCES "Link"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
diff --git a/prisma/schema/schema.prisma b/prisma/schema/schema.prisma
index 176c018c..785c95c1 100644
--- a/prisma/schema/schema.prisma
+++ b/prisma/schema/schema.prisma
@@ -112,7 +112,7 @@ model Domain {
 model View {
 id String @id @default(cuid())
- link Link @relation(fields: [linkId], references: [id])
+ link Link @relation(fields: [linkId], references: [id], onDelete: Cascade)
 linkId String
 document Document? @relation(fields: [documentId], references: [id], onDelete: Cascade)
 documentId String?
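Review bot: `onDelete: Cascade` on `View.link` in `schema.prisma` makes every link deletion also delete that link's `View` rows, which matters if views double as the access record for a dataroom. The group DELETE handler in the same commit calls `prisma.link.deleteMany`, so removing a viewer group would now erase the view history of its links; the earlier relation, with no `onDelete`, appears to have blocked that delete instead. If the history must outlive the link, archive or export the rows before deletion; otherwise document the behavior on the field, e.g. `// Deleting a Link also deletes its View rows (visit history is not retained).` The `View` model continues beyond the hunk.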