diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js
index a640c1e..69e13f4 100644
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@@ -25,6 +25,10 @@ const internalAccessList = {
 	create: (access, data) => {
 		return access.can('access_lists:create', data)
 			.then((/*access_data*/) => {
+				if ((typeof data.items === 'undefined' || !data.items.length) && (typeof data.clients === 'undefined' || !data.clients.length)) {
+					throw new error.InternalValidationError('At leaste one user/pass or address must be defined');
+				}
+
 				return accessListModel
 					.query()
 					.omit(omissions())
@@ -110,6 +114,10 @@ const internalAccessList = {
 	update: (access, data) => {
 		return access.can('access_lists:update', data.id)
 			.then((/*access_data*/) => {
+				if ((typeof data.items === 'undefined' || !data.items.length) && (typeof data.clients === 'undefined' || !data.clients.length)) {
+					throw new error.InternalValidationError('At leaste one user/pass or address must be defined');
+				}
+				
 				return internalAccessList.get(access, {id: data.id});
 			})
 			.then((row) => {