diff --git a/backend/middleware/auth.js b/backend/middleware/auth.js
index 1bc1dcc..5fa29a7 100644
--- a/backend/middleware/auth.js
+++ b/backend/middleware/auth.js
@@ -99,6 +99,8 @@ function requireGroup(...allowedGroups) {
 // Require team assignment — enforces team-scoped data access.
 // Admin group bypasses (req.teamScope = null means "no filter").
+// However, if an Admin passes a ?teams= query param (via the scope toggle),
+// it is respected as a voluntary filter.
 // Non-admin users without teams get 403.
 // Non-admin users with teams get req.teamScope = { short: [...], ivanti: [...] }.
 function requireTeam() {
@@ -107,8 +109,19 @@ function requireTeam() {
     return res.status(401).json({ error: 'Authentication required' });
   }
-  // Admin bypass — full access to all teams
+  // Admin bypass — but respect optional ?teams= param as voluntary scope
   if (req.user.group === 'Admin') {
+    const teamsParam = req.query?.teams;
+    if (teamsParam) {
+      const teams = teamsParam.split(',').map(t => t.trim()).filter(Boolean);
+      if (teams.length > 0) {
+        req.teamScope = {
+          short: teams,
+          ivanti: teams.map(t => teamToIvanti(t))
+        };
+        return next();
+      }
+    }
     req.teamScope = null;
     return next();
   }
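Review bot: `teamsParam.split(',')` in the second hunk assumes the query value is a string, but a query parser that supports repeated or bracketed keys (`?teams=a&teams=b`, `?teams[]=a`) hands the middleware an array, and `.split` then throws a TypeError inside the auth middleware for any Admin request — a cheap way to turn an unexpected query shape into a 500 on every admin route. Tighten the truthiness check to a type check, `if (typeof teamsParam === 'string') {`, so non-string values fall through to the existing `req.teamScope = null` bypass. The team names are not validated against a known list before being passed to `teamToIvanti` and stored in `req.teamScope`; since this branch only narrows an Admin's own view it is not a privilege boundary, but if `teamToIvanti` returns `undefined` for unknown names the `ivanti` array will carry holes into whatever downstream filter consumes it — worth confirming against that helper. The new comment in the first hunk should also say that `req.teamScope` from this path is client-controlled and must not be treated as authorization downstream. `requireTeam` starts before the second hunk and its non-admin branch continues after it.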