diff --git a/crates/router/src/core/user_role.rs b/crates/router/src/core/user_role.rs
index 5973a20dd33a..9145706c10c0 100644
--- a/crates/router/src/core/user_role.rs
+++ b/crates/router/src/core/user_role.rs
@@ -153,6 +153,14 @@ pub async fn update_user_role(
         ));
     }
 
+    if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
+        return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+            "Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
+            role_to_be_updated.get_entity_type(),
+            role_info.get_entity_type(),
+        ));
+    }
+
     if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
         return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
             "Invalid operation, update requestor = {} cannot update target = {}",
@@ -218,6 +226,14 @@ pub async fn update_user_role(
         ));
     }
 
+    if role_info.get_entity_type() != role_to_be_updated.get_entity_type() {
+        return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
+            "Upgrade and downgrade of roles is not allowed, user_entity_type = {} req_entity_type = {}",
+            role_to_be_updated.get_entity_type(),
+            role_info.get_entity_type(),
+        ));
+    }
+
     if updator_role.get_entity_type() < role_to_be_updated.get_entity_type() {
         return Err(report!(UserErrors::InvalidRoleOperation)).attach_printable(format!(
             "Invalid operation, update requestor = {} cannot update target = {}",
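Review bot: The added entity-type equality check sits above the existing `updator_role.get_entity_type() < role_to_be_updated.get_entity_type()` guard, so a requester who has no authority over the target at all is now rejected with the "Upgrade and downgrade of roles is not allowed" diagnostic (which embeds the target's current entity type) instead of the "cannot update target" one. Both paths return the same `UserErrors::InvalidRoleOperation`, so if the `attach_printable` text only reaches server logs this is a log-attribution wrinkle; if that text is ever surfaced to the caller it would disclose the target's entity type to someone not permitted to act on them. Keeping authorization ahead of validation is the safer order: move the new `if role_info.get_entity_type() != role_to_be_updated.get_entity_type() { ... }` block to just below the updator check, which is adjacent in this hunk. `update_user_role` begins before and continues after this hunk, so I cannot see how `role_info` and `role_to_be_updated` are resolved.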
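Review bot: This block is a verbatim copy of the one added at line 153 of the same function, and in both places it is immediately followed by the same updator-vs-target comparison; two hand-maintained copies of an authorization-adjacent check are how branches drift, and a later fix applied to only one of them is a classic source of role-update bypasses. Consider pulling the pair into one helper, e.g. `fn ensure_role_update_allowed(updator_role: &RoleInfo, role_to_be_updated: &RoleInfo, role_info: &RoleInfo) -> UserResult<()>`, called as `ensure_role_update_allowed(&updator_role, &role_to_be_updated, &role_info)?;` from both branches — the type and result names are inferred from the method calls and the `UserErrors` variant here, so match whatever the file actually declares. A doc comment on that helper such as `/// A role update must keep the target at the same entity type, and the requester must rank at or above the target.` would state the invariant both sites enforce. The enclosing function starts before and ends after this hunk.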