diff --git a/services/web/app/coffee/Features/Editor/EditorHttpController.coffee b/services/web/app/coffee/Features/Editor/EditorHttpController.coffee
index d74c9dd4d9..28c064f42f 100644
--- a/services/web/app/coffee/Features/Editor/EditorHttpController.coffee
+++ b/services/web/app/coffee/Features/Editor/EditorHttpController.coffee
@@ -22,6 +22,9 @@ module.exports = EditorHttpController =
 		Metrics.inc "editor.join-project"
 		EditorHttpController._buildJoinProjectView req, project_id, user_id, (error, project, privilegeLevel) ->
 			return next(error) if error?
+			# Hide access tokens if this is not the project owner
+			if privilegeLevel != 'owner' && project.tokens?
+				project.tokens = {readOnly: '', readAndWrite: ''}
 			res.json {
 				project: project
 				privilegeLevel: privilegeLevel