diff --git a/gn_auth/auth/authorisation/data/phenotypes.py b/gn_auth/auth/authorisation/data/phenotypes.py
index 08a0524..3e45af3 100644
--- a/gn_auth/auth/authorisation/data/phenotypes.py
+++ b/gn_auth/auth/authorisation/data/phenotypes.py
@@ -8,8 +8,12 @@ from MySQLdb.cursors import DictCursor
 
 from gn_auth.auth.db import sqlite3 as authdb
 
+from gn_auth.auth.errors import AuthorisationError
 from gn_auth.auth.authorisation.checks import authorised_p
-from gn_auth.auth.authorisation.resources.groups.models import Group
+from gn_auth.auth.authorisation.resources.system.models import system_resource
+from gn_auth.auth.authorisation.resources.groups.models import Group, group_resource
+
+from gn_auth.auth.authorisation.resources.checks import authorised_for2
 
 def linked_phenotype_data(
         authconn: authdb.DbConnection, gn3conn: gn3db.Connection,
@@ -83,7 +87,7 @@ def ungrouped_phenotype_data(
 
     return tuple()
 
-def __traits__(gn3conn: gn3db.Connection, params: tuple[dict, ...]) -> tuple[dict, ...]:
+def pheno_traits_from_db(gn3conn: gn3db.Connection, params: tuple[dict, ...]) -> tuple[dict, ...]:
     """An internal utility function. Don't use outside of this module."""
     if len(params) < 1:
         return tuple()
@@ -110,21 +114,33 @@ def __traits__(gn3conn: gn3db.Connection, params: tuple[dict, ...]) -> tuple[dic
                 for itm in sublist))
         return cursor.fetchall()
 
-@authorised_p(("system:data:link-to-group",),
-              error_description=(
-                  "You do not have sufficient privileges to link data to (a) "
-                  "group(s)."),
-              oauth2_scope="profile group resource")
+
 def link_phenotype_data(
-        authconn:authdb.DbConnection, gn3conn: gn3db.Connection, group: Group,
-        traits: tuple[dict, ...]) -> dict:
+        authconn: authdb.DbConnection,
+        user,
+        group: Group,
+        traits: tuple[dict, ...]
+) -> dict:
     """Link phenotype traits to a user group."""
+    if not (authorised_for2(authconn,
+                            user,
+                            system_resource(authconn),
+                            ("system:data:link-to-group",))
+            or
+            authorised_for2(authconn,
+                            user,
+                            group_resource(authconn, group.group_id),
+                            ("group:data:link-to-group",))
+            ):
+        raise AuthorisationError(
+            "You do not have sufficient privileges to link data to group "
+            f"'{group.group_name}'.")
     with authdb.cursor(authconn) as cursor:
         params = tuple({
             "data_link_id": str(uuid.uuid4()),
             "group_id": str(group.group_id),
             **item
-        } for item in __traits__(gn3conn, traits))
+        } for item in traits)
         cursor.executemany(
             "INSERT INTO linked_phenotype_data "
             "VALUES ("
diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py
index 38eaad6..9123949 100644
--- a/gn_auth/auth/authorisation/data/views.py
+++ b/gn_auth/auth/authorisation/data/views.py
@@ -35,8 +35,8 @@ from ..resources.models import (
 from ...authentication.users import User
 from ...authentication.oauth2.resource_server import require_oauth
 
-from ..data.phenotypes import link_phenotype_data
 from ..data.mrna import link_mrna_data, ungrouped_mrna_data
+from ..data.phenotypes import link_phenotype_data, pheno_traits_from_db
 from ..data.genotypes import link_genotype_data, ungrouped_genotype_data
 
 data = Blueprint("data", __name__)
@@ -189,7 +189,7 @@ def __search_mrna__():
 def __request_key__(key: str, default: Any = ""):
     if bool(request_json()):
         return request_json().get(#type: ignore[union-attr]
-            key, request.args.get(key, request_json().get(key, default)))
+            key, request.args.get(key, default))
     return request.args.get(key, request_json().get(key, default))
 
 def __request_key_list__(key: str, default: tuple[Any, ...] = tuple()):
@@ -312,6 +312,7 @@ def link_mrna() -> Response:
         partial(__link__, **__values__(request_json()))))
 
 @data.route("/link/phenotype", methods=["POST"])
+@require_oauth("profile group resource")
 def link_phenotype() -> Response:
     """Link phenotype data to group."""
     def __values__(form):
@@ -327,14 +328,27 @@ def link_phenotype() -> Response:
             raise InvalidData("Expected at least one dataset to be provided.")
         return {
             "group_id": uuid.UUID(form["group_id"]),
-            "traits": form["selected"]
+            "traits": form["selected"],
+            "using_raw_ids": bool(form.get("using-raw-ids") == "on")
         }
 
-    with gn3db.database_connection(app.config["SQL_URI"]) as gn3conn:
-        def __link__(conn: db.DbConnection, group_id: uuid.UUID,
-                     traits: tuple[dict, ...]) -> dict:
-            return link_phenotype_data(
-                conn, gn3conn, group_by_id(conn, group_id), traits)
+    with (require_oauth.acquire("profile group resource") as token,
+          gn3db.database_connection(app.config["SQL_URI"]) as gn3conn):
+        def __link__(
+                conn: db.DbConnection,
+                group_id: uuid.UUID,
+                traits: tuple[dict, ...],
+                using_raw_ids: bool = False
+        ) -> dict:
+            if using_raw_ids:
+                return link_phenotype_data(conn,
+                                           token.user,
+                                           group_by_id(conn, group_id),
+                                           traits)
+            return link_phenotype_data(conn,
+                                       token.user,
+                                       group_by_id(conn, group_id),
+                                       pheno_traits_from_db(gn3conn, traits))
 
         return jsonify(with_db_connection(
             partial(__link__, **__values__(request_json()))))