diff --git a/microservices/LocationsApi/Controllers/LocationsController.cs b/microservices/LocationsApi/Controllers/LocationsController.cs index d716ded..e01a772 100644 --- a/microservices/LocationsApi/Controllers/LocationsController.cs +++ b/microservices/LocationsApi/Controllers/LocationsController.cs @@ -2,7 +2,6 @@ using LocationsApi.Models; using LocationsApi.Services; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; -using System.Security.Claims; namespace LocationsApi.Controllers; @@ -24,13 +23,8 @@ public class LocationsController : ControllerBase if (string.IsNullOrWhiteSpace(req.Name)) return BadRequest("Name required"); - var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); - if (string.IsNullOrWhiteSpace(userId)) - return Unauthorized(); - var location = new Location { - OwnerUserId = userId, Name = req.Name.Trim(), CreatedUtc = DateTime.UtcNow }; @@ -40,14 +34,10 @@ public class LocationsController : ControllerBase } [HttpGet] - [Authorize(Roles = "USER,SUPER")] + [Authorize(Roles = "SUPER")] public async Task ListMine() { - var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); - if (string.IsNullOrWhiteSpace(userId)) - return Unauthorized(); - - var locations = await _locations.GetForOwnerAsync(userId); + var locations = await _locations.GetAllAsync(); return Ok(locations); } @@ -55,12 +45,7 @@ public class LocationsController : ControllerBase [Authorize(Roles = "SUPER")] public async Task Delete(string id) { - var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); - if (string.IsNullOrWhiteSpace(userId)) - return Unauthorized(); - - var allowAnyOwner = User.IsInRole("SUPER"); - var deleted = await _locations.DeleteForOwnerAsync(id, userId, allowAnyOwner); + var deleted = await _locations.DeleteAsync(id); if (!deleted) return NotFound(); diff --git a/microservices/LocationsApi/DOCUMENTS.md b/microservices/LocationsApi/DOCUMENTS.md index d60c923..3172622 100644 --- a/microservices/LocationsApi/DOCUMENTS.md 
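Review bot: In the create hunk (`@@ -24,13 +23,8 @@`) the new `Location` no longer carries any reference to the caller, and the `Delete` hunk (`@@ -55,12 +45,7 @@`) also stops reading the caller's identifier. After this change nothing visible in the controller records which principal created or removed a location. Since these are privileged operations, an audit log entry at each site would keep them attributable, for example `_logger.LogInformation("Location {Id} created by {User}", location.Id, User.Identity?.Name);`, assuming a logger is injected, which the hunks do not show. Both action bodies start or end outside their hunks.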
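Review bot: `ListMine` in hunk `@@ -40,14 +34,10 @@` is now restricted to `SUPER` and returns every location through `GetAllAsync()`, so the name no longer matches what the action does. Renaming it to `ListAll` would keep the authorization intent readable; the route appears to come from `[HttpGet]`, so callers should be unaffected. The action also returns the whole collection in one response with no limit, so a paging parameter or a hard cap would bound the response size. Dropping `USER` from the role list means callers holding only that role are now denied, which matches the README change, but it is worth confirming that no client still depends on this endpoint.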
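Review bot: In hunk `@@ -55,12 +45,7 @@`, `Delete` passes the route value `id` straight to `_locations.DeleteAsync(id)` with no format check. `Location.Id` is declared with `[BsonRepresentation(BsonType.ObjectId)]`, so a string that is not a valid ObjectId will likely make the driver throw while serializing the filter. That would surface as a 500 instead of the `NotFound()` a few lines below. A guard before the call, such as `if (!MongoDB.Bson.ObjectId.TryParse(id, out _)) return NotFound();`, keeps malformed ids on the 404 path. The end of the method is outside the hunk.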
+++ b/microservices/LocationsApi/DOCUMENTS.md @@ -22,7 +22,6 @@ Stored documents (MongoDB) ```json { "id": "string (ObjectId)", - "ownerUserId": "string", "name": "string", "createdUtc": "string (ISO-8601 datetime)" } diff --git a/microservices/LocationsApi/Models/Location.cs b/microservices/LocationsApi/Models/Location.cs index dd96454..8d7828e 100644 --- a/microservices/LocationsApi/Models/Location.cs +++ b/microservices/LocationsApi/Models/Location.cs @@ -9,8 +9,6 @@ public class Location [BsonRepresentation(BsonType.ObjectId)] public string? Id { get; set; } - public string OwnerUserId { get; set; } = string.Empty; - public string Name { get; set; } = string.Empty; public DateTime CreatedUtc { get; set; } = DateTime.UtcNow; diff --git a/microservices/LocationsApi/README.md b/microservices/LocationsApi/README.md index a5d759b..c5e459d 100644 --- a/microservices/LocationsApi/README.md +++ b/microservices/LocationsApi/README.md @@ -5,6 +5,6 @@ See `DOCUMENTS.md` for request payloads and stored document shapes. ## Endpoints - `POST /api/locations` Create a location (SUPER only). -- `GET /api/locations` List locations for the current user. +- `GET /api/locations` List all locations (SUPER only). - `DELETE /api/locations/{id}` Delete a location (SUPER only). - `PUT /api/locations/{id}` Update a location name (SUPER only). diff --git a/microservices/LocationsApi/Services/LocationStore.cs b/microservices/LocationsApi/Services/LocationStore.cs index b000b97..df973bb 100644 --- a/microservices/LocationsApi/Services/LocationStore.cs +++ b/microservices/LocationsApi/Services/LocationStore.cs 
@@ -15,26 +15,16 @@ public class LocationStore var db = client.GetDatabase(dbName); _col = db.GetCollection("Locations"); - var ownerIndex = Builders.IndexKeys.Ascending(l => l.OwnerUserId); - _col.Indexes.CreateOne(new CreateIndexModel(ownerIndex)); } public Task CreateAsync(Location location) => _col.InsertOneAsync(location); - public Task> GetForOwnerAsync(string ownerUserId) => - _col.Find(l => l.OwnerUserId == ownerUserId).ToListAsync(); + public Task> GetAllAsync() => + _col.Find(Builders.Filter.Empty).ToListAsync(); - public async Task DeleteForOwnerAsync(string id, string ownerUserId, bool allowAnyOwner) + public async Task DeleteAsync(string id) { var filter = Builders.Filter.Eq(l => l.Id, id); - if (!allowAnyOwner) - { - filter = Builders.Filter.And( - filter, - Builders.Filter.Eq(l => l.OwnerUserId, ownerUserId) - ); - } - var result = await _col.DeleteOneAsync(filter); return result.DeletedCount > 0; }
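Review bot: `GetAllAsync()` deserializes every document in the collection, and documents written before this commit still contain the `OwnerUserId` element that `Location` no longer declares. Unless the class carries `[BsonIgnoreExtraElements]` or an ignore-extra-elements convention is registered (neither is visible in this diff), the driver's default is to throw on an unknown element. That would fail the list endpoint on any deployment with existing data. Either add the attribute to `Location` or ship a migration that unsets the field. Removing the `CreateOne` call also does not drop the owner index already built on existing databases, so the same migration should drop it; the constructor starts outside the hunk.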