diff -ur nagios-2.5/cgi/cgiauth.c nagios-2.5.slice_services/cgi/cgiauth.c
--- nagios-2.5/cgi/cgiauth.c	2006-11-01 15:11:46.585244169 +0000
+++ nagios-2.5.slice_services/cgi/cgiauth.c	2006-11-01 14:57:16.686889451 +0000
@@ -295,8 +295,11 @@
 		return FALSE;
 
 	/* if this user is authorized for this host, they are for all services on it as well... */
+	/* This is removed because it allows contactgroups to define a subset of services on any particular host */
+	/*
 	if(is_authorized_for_host(temp_host,authinfo)==TRUE)
 		return TRUE;
+	*/
 
 	/* find the contact */
 	temp_contact=find_contact(authinfo->username);
diff -ur nagios-2.5/cgi/status.c nagios-2.5.slice_services/cgi/status.c
--- nagios-2.5/cgi/status.c	2006-11-01 15:11:46.620259264 +0000
+++ nagios-2.5.slice_services/cgi/status.c	2006-11-01 15:10:26.783021917 +0000
@@ -3492,6 +3492,7 @@
 	servicestatus *temp_servicestatus;
 	hoststatus *temp_hoststatus;
 	host *temp_host;
+	service *temp_service;
 
 
 	/* check all services... */
@@ -3511,6 +3512,11 @@
 		if(temp_hoststatus==NULL)
 			continue;
 
+		/* make sure the user is authorized to see this service... */
+		temp_service=find_service(temp_servicestatus->host_name,temp_servicestatus->description);
+		if(is_authorized_for_service(temp_service,&current_authdata)==FALSE)
+			continue;
+
 		/* make sure we only display hosts of the specified status levels */
 		if(!(host_status_types & temp_hoststatus->status))
 			continue;