diff --git a/changelog/0.3.0_2020-08-26/filter-settings.md b/changelog/0.3.0_2020-08-26/filter-settings.md
new file mode 100644
index 000000000..2fae06b66
--- /dev/null
+++ b/changelog/0.3.0_2020-08-26/filter-settings.md
@@ -0,0 +1,6 @@
+Change: Filter settings by permissions
+
+`BundleService.GetBundle` and `BundleService.ListBundles` are now filtered by READ permissions in the role of the authenticated user. This prevents settings from being visible to the user when their role doesn't have appropriate permissions.
+
+https://github.com/owncloud/product/issues/99
+https://github.com/owncloud/ocis-settings/pull/48