diff --git a/src/server/access/collections.test.ts b/src/server/access/collections.test.ts
new file mode 100644
index 0000000..8a3761a
--- /dev/null
+++ b/src/server/access/collections.test.ts
@@ -0,0 +1,19 @@
+import { describe, expect, it, vi } from "vitest";
+
+vi.mock("@/lib/prisma", () => ({
+  prisma: {},
+}));
+
+import { canRenameOrDeleteCollection } from "./collections";
+
+describe("canRenameOrDeleteCollection", () => {
+  it("allows owners and creators", () => {
+    expect(canRenameOrDeleteCollection({ kind: "owner" })).toBe(true);
+    expect(canRenameOrDeleteCollection({ kind: "creator" })).toBe(true);
+  });
+
+  it("denies granted users and non-members", () => {
+    expect(canRenameOrDeleteCollection({ kind: "grant" })).toBe(false);
+    expect(canRenameOrDeleteCollection({ kind: "none" })).toBe(false);
+  });
+});
diff --git a/src/server/access/collections.ts b/src/server/access/collections.ts
index 641c425..f73f353 100644
--- a/src/server/access/collections.ts
+++ b/src/server/access/collections.ts
@@ -13,7 +13,8 @@ export type CollectionAccessState =
 export function canRenameOrDeleteCollection(
   state: CollectionAccessState,
 ): boolean {
-  return state.kind !== "none";
+  // Restrict destructive collection-level operations to owner/creator.
+  return state.kind === "owner" || state.kind === "creator";
 }
 
 export async function loadCollectionAccessState(params: {