diff --git a/lib/mv_web/authorization.ex b/lib/mv_web/authorization.ex
index d20be7d..d821416 100644
--- a/lib/mv_web/authorization.ex
+++ b/lib/mv_web/authorization.ex
@@ -97,12 +97,18 @@ defmodule MvWeb.Authorization do
   @doc """
   Checks if user can access a specific page.
 
+  Nil-safe: returns false when user is nil (e.g. unauthenticated or layout
+  assigns regression), so callers do not need to guard.
+
   ## Examples
 
       iex> admin = %{role: %{permission_set_name: "admin"}}
       iex> can_access_page?(admin, "/admin/roles")
       true
 
+      iex> can_access_page?(nil, "/members")
+      false
+
       iex> mitglied = %{role: %{permission_set_name: "own_data"}}
       iex> can_access_page?(mitglied, "/members")
       false