diff --git a/services/graph/pkg/middleware/requireadmin.go b/services/graph/pkg/middleware/requireadmin.go
index 15d679041c5..ef3dd64fe46 100644
--- a/services/graph/pkg/middleware/requireadmin.go
+++ b/services/graph/pkg/middleware/requireadmin.go
@@ -12,8 +12,8 @@ import (
 
 // RequireAdmin middleware is used to require the user in context to be an admin / have account management permissions
 func RequireAdmin(rm *roles.Manager, logger log.Logger) func(next http.Handler) http.Handler {
-
 	return func(next http.Handler) http.Handler {
+		l := logger.With().Str("middleware", "requireAdmin").Logger()
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			u, ok := revactx.ContextGetUser(r.Context())
 			if !ok {
@@ -27,15 +27,16 @@ func RequireAdmin(rm *roles.Manager, logger log.Logger) func(next http.Handler)
 			// get roles from context
 			roleIDs, ok := roles.ReadRoleIDsFromContext(r.Context())
 			if !ok {
-				logger.Debug().Str("userid", u.Id.OpaqueId).Msg("No roles in context, contacting settings service")
+				l.Debug().Str("userid", u.Id.OpaqueId).Msg("No roles in context, contacting settings service")
 				var err error
 				roleIDs, err = rm.FindRoleIDsForUser(r.Context(), u.Id.OpaqueId)
 				if err != nil {
-					logger.Err(err).Str("userid", u.Id.OpaqueId).Msg("failed to get roles for user")
+					l.Error().Err(err).Str("userid", u.Id.OpaqueId).Msg("Failed to get roles for user")
 					errorcode.AccessDenied.Render(w, r, http.StatusUnauthorized, "Unauthorized")
 					return
 				}
 				if len(roleIDs) == 0 {
+					l.Error().Err(err).Str("userid", u.Id.OpaqueId).Msg("No roles assigned to user")
 					errorcode.AccessDenied.Render(w, r, http.StatusUnauthorized, "Unauthorized")
 					return
 				}