diff --git a/ChangeLog b/ChangeLog
index f67e2e9d..ff602f95 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15507,3 +15507,6 @@
 * Fixed a bug in 'rdlogedit/edit_log.cpp' that caused the Modified datestamp to be updated when 'OK' was clicked even if no changes were made.
+2017-01-13 Fred Gleason
+ * Fixed a bug in 'lib/rduser.cpp' that caused the
+ 'RDUser::groupAuthorized()' to return false positive results.
diff --git a/lib/rduser.cpp b/lib/rduser.cpp
index 5d7ee73e..a4d45727 100644
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@@ -390,9 +390,9 @@ bool RDUser::groupAuthorized(const QString &group_name)
 RDSqlQuery *q;
 bool ret=false;
- sql=QString().
- sprintf("select GROUP_NAME from USER_PERMS where USER_NAME=\"%s\"",
- (const char *)RDEscapeString(user_name));
+ sql=QString("select GROUP_NAME from USER_PERMS where ")+
+ "(USER_NAME=\""+RDEscapeString(user_name)+"\")&&"+
+ "(GROUP_NAME=\""+RDEscapeString(group_name)+"\")";
 q=new RDSqlQuery(sql);
 ret=q->first();
 delete q;
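Review bot: The rewritten query in RDUser::groupAuthorized() decides an authorization result from SQL assembled by string concatenation, so its safety rests entirely on RDEscapeString() (not visible in this hunk) escaping both `"` and `\` inside the double-quoted literals; it also assumes the server is not running with ANSI_QUOTES, where double-quoted text is parsed as an identifier rather than a string. If RDSqlQuery exposes bound parameters, binding user_name and group_name would remove that dependency; otherwise a comment such as `// literals are double-quoted and escaped by RDEscapeString(); sql_mode must not include ANSI_QUOTES` above the assignment would record the assumption. Separately, `&&` is a MySQL-specific spelling of AND, so the second added line would be more portable as `"(USER_NAME=\""+RDEscapeString(user_name)+"\") and "+`. The function body starts and ends outside the hunk, so the return path after `delete q;` is not reviewed here.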