diff --git a/lib/api/v3/work_packages/watchers_api.rb b/lib/api/v3/work_packages/watchers_api.rb
index c2f701f55b..d1a3b6e44f 100644
--- a/lib/api/v3/work_packages/watchers_api.rb
+++ b/lib/api/v3/work_packages/watchers_api.rb
@@ -10,7 +10,11 @@ module API
 end
 post do
- authorize(:add_work_package_watchers, context: @work_package.project)
+ if current_user.id == params[:user_id].to_i
+ authorize(:view_work_packages, context: @work_package.project)
+ else
+ authorize(:add_work_package_watchers, context: @work_package.project)
+ end
 user = User.find params[:user_id]
@@ -32,7 +36,11 @@ module API
 end
 namespace ':user_id' do
 delete do
- authorize(:delete_work_package_watchers, context: @work_package.project)
+ if current_user.id == params[:user_id]
+ authorize(:view_work_packages, context: @work_package.project)
+ else
+ authorize(:delete_work_package_watchers, context: @work_package.project)
+ end
 user = User.find_by_id params[:user_id]
diff --git a/spec/api/watcher_resource_spec.rb b/spec/api/watcher_resource_spec.rb
index 7e08b1f4ed..3ba9b51708 100644
--- a/spec/api/watcher_resource_spec.rb
+++ b/spec/api/watcher_resource_spec.rb
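Review bot: The self-watch branch in the `post` block relaxes authorization from `add_work_package_watchers` to `view_work_packages` without saying why, and both branches repeat the same `authorize(..., context: @work_package.project)` call. I would state the rule in a comment, `# A user may add themself as watcher with mere view permission; adding anyone else requires add_work_package_watchers.`, and collapse the branches to `permission = current_user.id == params[:user_id].to_i ? :view_work_packages : :add_work_package_watchers` followed by `authorize(permission, context: @work_package.project)`. The `post` block continues past the end of the hunk, so the later `User.find` and the actual watcher creation are not visible here.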
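Review bot: The self-check in the `delete` block, `if current_user.id == params[:user_id]`, lacks the `.to_i` that the `post` hunk applies, so the two routes compare the id differently. Since `:user_id` here is a path segment from `namespace ':user_id'`, it presumably arrives as a String unless it is declared as an Integer param outside the hunk; in that case the comparison of Integer with String is always false, and a self-unwatch silently falls through to the stricter `delete_work_package_watchers` check instead of the intended `view_work_packages` one. I would make it `if current_user.id == params[:user_id].to_i` so both routes use the same coercion, or declare the param type once and drop `.to_i` in both places. The `delete` block continues past the end of the hunk.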
@@ -67,14 +67,25 @@ describe 'API v3 Watcher resource' do
 end
 context 'unauthorized user' do
- let(:current_user) { unauthorized_user }
+ context 'when the current user is trying to assign another user as watcher' do
+ let(:current_user) { unauthorized_user }
- it 'should respond with 403' do
- expect(subject.status).to eq(403)
+ it 'should respond with 403' do
+ expect(subject.status).to eq(403)
+ end
+
+ it 'should respond with explanatory error message' do
+ expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
+ end
 end
- it 'should respond with explanatory error message' do
- expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
+ context 'when the current user tries to watch the work package her- or himself' do
+ let(:current_user) { available_watcher }
+ let(:new_watcher) { available_watcher }
+
+ it 'should respond with 201' do
+ expect(subject.status).to eq(201)
+ end
 end
 end
@@ -116,14 +127,25 @@ describe 'API v3 Watcher resource' do
 end
 context 'unauthorized user' do
- let(:current_user) { unauthorized_user }
+ context 'when the current user tries to deassign another user from the work package watchers' do
+ let(:current_user) { unauthorized_user }
+
+ it 'should respond with 403' do
+ expect(subject.status).to eq(403)
+ end
- it 'should respond with 403' do
- expect(subject.status).to eq(403)
+ it 'should respond with explanatory error message' do
+ expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
+ end
 end
- it 'should respond with explanatory error message' do
- expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
+ context 'when the current user tries to watch the work package her- or himself' do
+ let(:current_user) { watcher }
+ let(:new_watcher) { watcher }
+
+ it 'should respond with 204' do
+ expect(subject.status).to eq(204)
+ end
 end
 end
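Review bot: The new self-watch context only exercises the relaxed authorization positively: `available_watcher` (presumably a user holding `view_work_packages`, defined outside the hunk) gets a 201, but there is no example in which the current user targets their own id while lacking `view_work_packages`. Without that negative case, dropping the `authorize(:view_work_packages, ...)` call from the self branch in the API would not fail any spec. I would add, next to the 201 example, a context whose `current_user` and `new_watcher` are the same user without view permission on the project and assert `expect(subject.status).to eq(403)`; the same gap exists for the 204 case in the hunk at -116.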
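Review bot: The context description in the delete spec, `'when the current user tries to watch the work package her- or himself'`, is copied from the POST spec, but the example under it expects a 204 from the DELETE route; it should read `context 'when the current user tries to unwatch the work package her- or himself' do`. Likewise `let(:new_watcher) { watcher }` reads oddly for a removal; if `new_watcher` is the shared fixture that builds the request path (defined outside the hunk), a short comment such as `# reuse the existing watcher as the user to remove` would make that clear.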