diff --git a/packages/api-gateway/src/Controller/AuthMiddleware.ts b/packages/api-gateway/src/Controller/AuthMiddleware.ts
index 73f99897b..90a380189 100644
--- a/packages/api-gateway/src/Controller/AuthMiddleware.ts
+++ b/packages/api-gateway/src/Controller/AuthMiddleware.ts
@@ -77,6 +77,7 @@ export abstract class AuthMiddleware extends BaseMiddleware {
       response.locals.readOnlyAccess = decodedToken.session?.readonly_access ?? false
       if (response.locals.readonlyAccess) {
         this.logger.info('User operates on read-only access', {
+          codeTag: 'AuthMiddleware',
           userId: response.locals.user.uuid,
         })
       }
diff --git a/packages/api-gateway/src/Service/gRPC/GRPCSyncingServerServiceProxy.ts b/packages/api-gateway/src/Service/gRPC/GRPCSyncingServerServiceProxy.ts
index c786fe8b9..9d1924716 100644
--- a/packages/api-gateway/src/Service/gRPC/GRPCSyncingServerServiceProxy.ts
+++ b/packages/api-gateway/src/Service/gRPC/GRPCSyncingServerServiceProxy.ts
@@ -28,6 +28,12 @@ export class GRPCSyncingServerServiceProxy {
         metadata.set('x-user-uuid', response.locals.user.uuid)
         metadata.set('x-snjs-version', request.headers['x-snjs-version'] as string)
         metadata.set('x-read-only-access', response.locals.readonlyAccess ? 'true' : 'false')
+        if (response.locals.readonlyAccess) {
+          this.logger.info('Syncing with read-only access', {
+            codeTag: 'GRPCSyncingServerServiceProxy',
+            userId: response.locals.user.uuid,
+          })
+        }
         if (response.locals.session) {
           metadata.set('x-session-uuid', response.locals.session.uuid)
         }
diff --git a/packages/syncing-server/src/Infra/gRPC/SyncingServer.ts b/packages/syncing-server/src/Infra/gRPC/SyncingServer.ts
index 395b6ffc2..3e58e2886 100644
--- a/packages/syncing-server/src/Infra/gRPC/SyncingServer.ts
+++ b/packages/syncing-server/src/Infra/gRPC/SyncingServer.ts
@@ -74,9 +74,17 @@ export class SyncingServer implements ISyncingServer {
       }
 
       const apiVersion = call.request.hasApiVersion() ? (call.request.getApiVersion() as string) : ApiVersion.v20161215
+      const userUuid = call.metadata.get('x-user-uuid').pop() as string
+      const readOnlyAccess = call.metadata.get('x-read-only-access').pop() === 'true'
+      if (readOnlyAccess) {
+        this.logger.info('Syncing with read-only access', {
+          codeTag: 'SyncingServer',
+          userId: userUuid,
+        })
+      }
 
       const syncResult = await this.syncItemsUseCase.execute({
-        userUuid: call.metadata.get('x-user-uuid').pop() as string,
+        userUuid,
         itemHashes,
         computeIntegrityHash: call.request.hasComputeIntegrity() ? call.request.getComputeIntegrity() === true : false,
         syncToken: call.request.hasSyncToken() ? call.request.getSyncToken() : undefined,
@@ -85,7 +93,7 @@ export class SyncingServer implements ISyncingServer {
         contentType: call.request.hasContentType() ? call.request.getContentType() : undefined,
         apiVersion,
         snjsVersion: call.metadata.get('x-snjs-version').pop() as string,
-        readOnlyAccess: call.metadata.get('x-read-only-access').pop() === 'true',
+        readOnlyAccess,
         sessionUuid: call.metadata.get('x-session-uuid').pop() as string,
         sharedVaultUuids,
         isFreeUser: call.metadata.get('x-is-free-user').pop() === 'true',