diff --git a/app/models/user_event.rb b/app/models/user_event.rb
index 12dc03f1b..cf362b515 100644
--- a/app/models/user_event.rb
+++ b/app/models/user_event.rb
@@ -24,10 +24,10 @@ class UserEvent < ApplicationRecord
   delegate :country, :city, :is_proxy?, to: :ip_geolocation, allow_nil: true
 
   def self.visible(user)
-    if user.is_admin?
+    if user.is_moderator?
       all
-    elsif user.is_moderator?
-      where(category: [:login, :logout, :user_creation]).or(where(user: user))
+    elsif user.is_anonymous?
+      none
     else
       where(user: user)
     end
diff --git a/test/functional/user_events_controller_test.rb b/test/functional/user_events_controller_test.rb
index 280481da8..01585e56a 100644
--- a/test/functional/user_events_controller_test.rb
+++ b/test/functional/user_events_controller_test.rb
@@ -25,11 +25,11 @@ class UserEventsControllerTest < ActionDispatch::IntegrationTest
         assert_response 403
       end
 
-      should "only show mods authorized events" do
+      should "show mods all events" do
         get_auth user_events_path(search: { category: "password_change" }), create(:moderator_user)
 
         assert_response :success
-        assert_select "tbody tr", count: 0
+        assert_select "tbody tr", count: 1
       end
     end
   end