diff --git a/backend/app/api/deps.py b/backend/app/api/deps.py
index cb4a72d9..449e1731 100644
--- a/backend/app/api/deps.py
+++ b/backend/app/api/deps.py
@@ -30,7 +30,7 @@ from app.db.session import get_session
 from app.models.boards import Board
 from app.models.organizations import Organization
 from app.models.tasks import Task
-from app.services.admin_access import require_admin
+from app.services.admin_access import require_user_actor
 from app.services.organizations import (
     OrganizationContext,
     ensure_member_for_user,
@@ -52,8 +52,8 @@ SESSION_DEP = Depends(get_session)
 
 
 def require_admin_auth(auth: AuthContext = AUTH_DEP) -> AuthContext:
-    """Require an authenticated admin user."""
-    require_admin(auth)
+    """Require an authenticated human user (not an agent)."""
+    require_user_actor(auth)
     return auth
 
 
@@ -70,9 +70,9 @@ def require_admin_or_agent(
     auth: AuthContext | None = AUTH_OPTIONAL_DEP,
     agent_auth: AgentAuthContext | None = AGENT_AUTH_OPTIONAL_DEP,
 ) -> ActorContext:
-    """Authorize either an admin user or an authenticated agent."""
+    """Authorize either a human user or an authenticated agent."""
     if auth is not None:
-        require_admin(auth)
+        require_user_actor(auth)
         return ActorContext(actor_type="user", user=auth.user)
     if agent_auth is not None:
         return ActorContext(actor_type="agent", agent=agent_auth.agent)
diff --git a/backend/app/services/admin_access.py b/backend/app/services/admin_access.py
index 4ce64dd1..e5270d60 100644
--- a/backend/app/services/admin_access.py
+++ b/backend/app/services/admin_access.py
@@ -1,4 +1,4 @@
-"""Access control helpers for admin-only operations."""
+"""Access control helpers for actor-type checks."""
 
 from __future__ import annotations
 
@@ -10,7 +10,12 @@ if TYPE_CHECKING:
     from app.core.auth import AuthContext
 
 
-def require_admin(auth: AuthContext) -> None:
-    """Raise HTTP 403 unless the authenticated actor is a user admin."""
+def require_user_actor(auth: AuthContext) -> None:
+    """Raise HTTP 403 unless the authenticated actor is a human user (not an agent).
+
+    NOTE: This is an actor-type check, NOT a privilege/role check.
+    For admin privilege enforcement, use ``require_org_admin`` (organization-level)
+    or check ``user.is_super_admin`` (global-level).
+    """
     if auth.actor_type != "user" or auth.user is None:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)