diff --git a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/health/HealthWebEndpointResponseMapper.java b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/health/HealthWebEndpointResponseMapper.java
index e863eb330bd..868d8280235 100644
--- a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/health/HealthWebEndpointResponseMapper.java
+++ b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/health/HealthWebEndpointResponseMapper.java
@@ -97,8 +97,11 @@ public class HealthWebEndpointResponseMapper {
 }
 
 private boolean canSeeDetails(SecurityContext securityContext, ShowDetails showDetails) {
- return showDetails != ShowDetails.NEVER && (showDetails != ShowDetails.WHEN_AUTHORIZED
- || (securityContext.getPrincipal() != null && isUserInRole(securityContext)));
+ if (showDetails == ShowDetails.NEVER || (showDetails == ShowDetails.WHEN_AUTHORIZED
+ && (securityContext.getPrincipal() == null || !isUserInRole(securityContext)))) {
+ return false;
+ }
+ return true;
 }
 
 private boolean isUserInRole(SecurityContext securityContext) {
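Review bot: The new body of `canSeeDetails` lists the deny cases and falls through to `return true`, so a `showDetails` that is neither `NEVER` nor `WHEN_AUTHORIZED` (including `null`) discloses health details. For an access decision an allow-list shape is safer: `if (showDetails == ShowDetails.ALWAYS) { return true; }` followed by `return showDetails == ShowDetails.WHEN_AUTHORIZED && securityContext.getPrincipal() != null && isUserInRole(securityContext);`. Assuming `ALWAYS` is the only other constant, this returns the same result for all three values and denies anything unexpected. A one-line comment stating the policy, such as `// details are shown only for ALWAYS, or for WHEN_AUTHORIZED with an authenticated principal in an allowed role`, would also make the intent checkable. The body of `isUserInRole` lies outside the hunk, so how it treats an empty role set cannot be judged from here.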