diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py
index d85931b..a76ec7c 100644
--- a/ogcp/forms/auth.py
+++ b/ogcp/forms/auth.py
@@ -7,7 +7,8 @@
 
 from wtforms import (
     Form, SubmitField, HiddenField, SelectField, BooleanField, IntegerField,
-    StringField, RadioField, PasswordField, SelectMultipleField, widgets
+    StringField, RadioField, PasswordField, SelectMultipleField, FormField,
+    widgets
 )
 from wtforms.validators import InputRequired, Optional
 from flask_wtf import FlaskForm
@@ -28,6 +29,12 @@ class LoginForm(FlaskForm):
     )
 
 
+class PermissionForm(FlaskForm):
+    add = BooleanField(_l('Add'), default=True)
+    update = BooleanField(_l('Update'), default=True)
+    delete = BooleanField(_l('Delete'), default=True)
+
+
 class UserForm(FlaskForm):
     username = StringField(
         label=_l('Username'),
@@ -50,6 +57,12 @@ class UserForm(FlaskForm):
         option_widget=widgets.CheckboxInput(),
         widget=widgets.ListWidget(prefix_label=False)
     )
+    client_permissions = FormField(PermissionForm, label=_l('Client Permissions'))
+    center_permissions = FormField(PermissionForm, label=_l('Center Permissions'))
+    room_permissions = FormField(PermissionForm, label=_l('Room Permissions'))
+    folder_permissions = FormField(PermissionForm, label=_l('Folder Permissions'))
+    image_permissions = FormField(PermissionForm, label=_l('Image Permissions'))
+    repository_permissions = FormField(PermissionForm, label=_l('Repository Permissions'))
     submit_btn = SubmitField(
         label=_l('Submit')
     )
diff --git a/ogcp/models.py b/ogcp/models.py
index d27b869..ef050ed 100644
--- a/ogcp/models.py
+++ b/ogcp/models.py
@@ -8,7 +8,18 @@
 from flask_login import UserMixin
 
 class User(UserMixin):
-    def __init__(self, username, scopes, admin):
+    def __init__(self, username, scopes, admin, permissions):
         self.id = username
         self.scopes = scopes
         self.admin = admin
+        self.permissions = permissions
+
+    def get_permission(self, target, action):
+        if self.admin or not target in self.permissions:
+            return True
+        return self.permissions[target].get(action, True)
+
+    def target_is_disabled(self, target):
+        if self.admin or not target in self.permissions or not self.permissions[target]:
+            return False
+        return all(value == False for value in self.permissions[target].values())
diff --git a/ogcp/templates/auth/add_user.html b/ogcp/templates/auth/add_user.html
index cc5ed09..4661236 100644
--- a/ogcp/templates/auth/add_user.html
+++ b/ogcp/templates/auth/add_user.html
@@ -1,53 +1,5 @@
-{% extends 'users.html' %}
-{% import "bootstrap/wtf.html" as wtf %}
+{% extends 'auth/user_form.html' %}
 
-{% set sidebar_state = 'disabled' %}
-{% set btn_back = true %}
+{% block subhead_heading %}{{_('Add user')}}{% endblock %}
 
-{% block nav_user_add %}active{% endblock %}
-{% block content %}
-
-<h1 class="m-5">{{_('Add a user')}}</h1>
-
-<form action="{{ url_for('user_add_post') }}" method="post" class="form">
-    {{ form.hidden_tag() }}
-
-    <div class="form-group">
-        {{ form.username.label(class_='form-label') }}
-        {{ form.username(class_='form-control') }}
-    </div>
-
-    <div class="form-group">
-        {{ form.pwd.label(class_='form-label') }}
-        {{ form.pwd(class_='form-control') }}
-    </div>
-
-    <div class="form-group">
-        {{ form.pwd_confirm.label(class_='form-label') }}
-        {{ form.pwd_confirm(class_='form-control') }}
-    </div>
-
-    <div class="form-group form-check">
-        {{ form.admin(class_='form-check-input') }}
-        {{ form.admin.label(class_='form-check-label') }}
-    </div>
-
-    <div class="form-group">
-        {{ form.scopes.label(class_='form-label') }}
-        <div class="form-text text-muted">{{ form.scopes.description }}</div>
-        <div>
-            {% for value, label, checked in form.scopes.iter_choices() %}
-                <div class="form-check">
-                    <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
-                    <label class="form-check-label">{{ label }}</label>
-                </div>
-            {% endfor %}
-        </div>
-    </div>
-
-    <div class="form-group">
-        {{ form.submit_btn(class_='btn btn-primary') }}
-    </div>
-</form>
-
-{% endblock %}
+{% block form_action %}{{ url_for('user_add_post') }}{% endblock %}
diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
index 3b10508..42ba5aa 100644
--- a/ogcp/templates/auth/edit_user.html
+++ b/ogcp/templates/auth/edit_user.html
@@ -1,53 +1,9 @@
-{% extends 'users.html' %}
-{% import "bootstrap/wtf.html" as wtf %}
+{% extends 'auth/user_form.html' %}
 
-{% set sidebar_state = 'disabled' %}
-{% set btn_back = true %}
+{% block subhead_heading %}{{_('Edit user {}').format(form.username.data)}}{% endblock %}
 
-{% block nav_user_edit %}active{% endblock %}
-{% block content %}
+{% block form_action %}{{ url_for('user_edit_post') }}{% endblock %}
 
-<h1 class="m-5">{{_('Edit user {}').format(form.username.data)}}</h1>
+{% block pwd_field %}<input type="password" name="pwd" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">{% endblock %}
 
-<form action="{{ url_for('user_edit_post') }}" method="post" class="form">
-    {{ form.hidden_tag() }}
-
-    <div class="form-group">
-        {{ form.username.label(class_='form-label') }}
-        {{ form.username(class_='form-control') }}
-    </div>
-
-    <div class="form-group">
-        {{ form.pwd.label(class_='form-label') }}
-        <input type="password" name="pwd" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
-    </div>
-
-    <div class="form-group">
-        {{ form.pwd_confirm.label(class_='form-label') }}
-        <input type="password" name="pwd_confirm" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
-    </div>
-
-    <div class="form-group form-check">
-        {{ form.admin(class_='form-check-input') }}
-        {{ form.admin.label(class_='form-check-label') }}
-    </div>
-
-    <div class="form-group">
-        {{ form.scopes.label(class_='form-label') }}
-        <div class="form-text text-muted">{{ form.scopes.description }}</div>
-        <div>
-            {% for value, label, checked in form.scopes.iter_choices() %}
-                <div class="form-check">
-                    <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
-                    <label class="form-check-label">{{ label }}</label>
-                </div>
-            {% endfor %}
-        </div>
-    </div>
-
-    <div class="form-group">
-        {{ form.submit_btn(class_='btn btn-primary') }}
-    </div>
-</form>
-
-{% endblock %}
+{% block pwd_confirm_field %}<input type="password" name="pwd_confirm" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">{% endblock %}
diff --git a/ogcp/templates/auth/user_form.html b/ogcp/templates/auth/user_form.html
new file mode 100644
index 0000000..7b6b338
--- /dev/null
+++ b/ogcp/templates/auth/user_form.html
@@ -0,0 +1,126 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_add %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{% block subhead_heading %}{% endblock %}</h1>
+
+<form action="{% block form_action %}{% endblock %}" method="post" class="form">
+    {{ form.hidden_tag() }}
+
+    <div class="form-group">
+        {{ form.username.label(class_='form-label') }}
+        {{ form.username(class_='form-control') }}
+    </div>
+
+    <div class="form-group">
+        {{ form.pwd.label(class_='form-label') }}
+        {% block pwd_field %}{{ form.pwd(class_='form-control') }}{% endblock %}
+    </div>
+
+    <div class="form-group">
+        {{ form.pwd_confirm.label(class_='form-label') }}
+        {% block pwd_confirm_field %}{{ form.pwd_confirm(class_='form-control') }}{% endblock %}
+    </div>
+
+    <div class="form-group">
+        <div class="custom-control custom-switch">
+            {{ form.admin(class_="custom-control-input", id="adminToggle") }}
+            <label class="custom-control-label" for="adminToggle">{{ form.admin.label.text }}</label>
+        </div>
+    </div>
+
+    <!-- jQuery -->
+    <script src="{{ url_for('static', filename='AdminLTE/plugins/jquery/jquery.min.js') }}"></script>
+    <script>
+        $(document).ready(function(){
+
+            var isAdminEnabled = $('#adminToggle').is(':checked');
+            if(isAdminEnabled) {
+                $('#PermissionSection').hide();
+            }
+
+            $('#adminToggle').change(function() {
+                isAdminEnabled = $(this).is(':checked');
+                $('#PermissionSection').toggle(!isAdminEnabled);
+            });
+        });
+    </script>
+
+    <div id="PermissionSection">
+        <div class="form-group">
+            <label class="form-label">{{ _('Permissions') }}</label>
+            <table class="text-center table">
+                <thead>
+                    <tr>
+                        <th></th>
+                        <th>{{ form.client_permissions.add.label.text }}</th>
+                        <th>{{ form.client_permissions.update.label.text }}</th>
+                        <th>{{ form.client_permissions.delete.label.text }}</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <tr>
+                        <th>{{ form.client_permissions.label }}</th>
+                        <td>{{ form.client_permissions.add() }}</td>
+                        <td>{{ form.client_permissions.update() }}</td>
+                        <td>{{ form.client_permissions.delete() }}</td>
+                    </tr>
+                    <tr>
+                        <th>{{ form.center_permissions.label }}</th>
+                        <td>{{ form.center_permissions.add() }}</td>
+                        <td>{{ form.center_permissions.update() }}</td>
+                        <td>{{ form.center_permissions.delete() }}</td>
+                    </tr>
+                    <tr>
+                        <th>{{ form.room_permissions.label }}</th>
+                        <td>{{ form.room_permissions.add() }}</td>
+                        <td>{{ form.room_permissions.update() }}</td>
+                        <td>{{ form.room_permissions.delete() }}</td>
+                    </tr>
+                    <tr>
+                        <th>{{ form.folder_permissions.label }}</th>
+                        <td>{{ form.folder_permissions.add() }}</td>
+                        <td>{{ form.folder_permissions.update() }}</td>
+                        <td>{{ form.folder_permissions.delete() }}</td>
+                    </tr>
+                    <tr>
+                        <th>{{ form.image_permissions.label }}</th>
+                        <td>{{ form.image_permissions.add() }}</td>
+                        <td>{{ form.image_permissions.update() }}</td>
+                        <td>{{ form.image_permissions.delete() }}</td>
+                    </tr>
+                    <tr>
+                        <th>{{ form.repository_permissions.label }}</th>
+                        <td>{{ form.repository_permissions.add() }}</td>
+                        <td>{{ form.repository_permissions.update() }}</td>
+                        <td>{{ form.repository_permissions.delete() }}</td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div class="form-group">
+            {{ form.scopes.label(class_='form-label') }}
+            <div class="form-text text-muted">{{ form.scopes.description }}</div>
+            <div>
+                {% for value, label, checked in form.scopes.iter_choices() %}
+                    <div class="form-check">
+                        <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
+                        <label class="form-check-label">{{ label }}</label>
+                    </div>
+                {% endfor %}
+            </div>
+        </div>
+    </div>
+
+    <div class="form-group">
+        {{ form.submit_btn(class_='btn btn-primary') }}
+    </div>
+</form>
+
+{% endblock %}
diff --git a/ogcp/templates/base.html b/ogcp/templates/base.html
index 9839029..2af9873 100644
--- a/ogcp/templates/base.html
+++ b/ogcp/templates/base.html
@@ -36,10 +36,10 @@
                     <li class="nav-item {% block nav_scopes%}{% endblock %}">
                         <a class="nav-link" href="{{ url_for('scopes') }}">{{ _('Scopes management') }}</a>
                     </li>
-                    {% if current_user.admin %}
                     <li class="nav-item {% block nav_repos %}{% endblock %}">
                         <a class="nav-link" href="{{ url_for('manage_repos') }}">{{ _('Repos') }}</a>
                     </li>
+                    {% if current_user.admin %}
                     <li class="nav-item {% block nav_users %}{% endblock %}">
                         <a class="nav-link" href="{{ url_for('users') }}">{{ _('Users') }}</a>
                     </li>
diff --git a/ogcp/templates/commands.html b/ogcp/templates/commands.html
index 7a63c38..9bb0176 100644
--- a/ogcp/templates/commands.html
+++ b/ogcp/templates/commands.html
@@ -16,7 +16,7 @@
 {% endblock %}
 
 {% block commands %}
-
+{% if current_user.is_authenticated %}
   <div class="dropdown btn">
     <button class="btn btn-secondary btn-light dropdown-toggle{% block nav_client %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
 	    {{ _('Client') }}
@@ -66,10 +66,14 @@
 	    {{ _('Image') }}
     </button>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+    {% if current_user.get_permission('IMAGE', 'ADD') %}
     <input class="btn btn-light dropdown-item{% block nav_image_create %}{% endblock %}" type="submit" value="{{ _('Create image') }}"
            form="scopesForm" formaction="{{ url_for('action_image_create') }}" formmethod="get">
+    {% endif %}
+    {% if current_user.get_permission('IMAGE', 'UPDATE') %}
     <input class="btn btn-light dropdown-item {% block nav_image_update %}{% endblock %}" type="submit" value="{{ _('Update image') }}"
            form="scopesForm" formaction="{{ url_for('action_image_update') }}" formmethod="get">
+    {% endif %}
     <input class="btn btn-light dropdown-item{% block nav_image_restore %}{% endblock %}" type="submit" value="{{ _('Restore Image') }}"
            form="scopesForm" formaction="{{ url_for('action_image_restore') }}" formmethod="get">
     </div>
@@ -109,7 +113,7 @@
            form="scopesForm" formaction="{{ url_for('action_legacy_rt_log') }}" formmethod="get" formtarget="_blank">
     </div>
   </div>
-
+{% endif %}
   {% if btn_back %}
     <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
       {{ _("Back") }}
diff --git a/ogcp/templates/images.html b/ogcp/templates/images.html
index c439e52..00bb2e4 100644
--- a/ogcp/templates/images.html
+++ b/ogcp/templates/images.html
@@ -58,13 +58,15 @@
 {% endblock %}
 
 {% block commands %}
-  <input class="btn btn-light" type="submit" value="{{ _('Image details') }}"
-         form="imagesForm" formaction="{{ url_for('action_image_info') }}" formmethod="get">
-  <input class="btn btn-light" type="submit" value="{{ _('List images') }}"
-         form="imagesForm" formaction="{{ url_for('action_image_list') }}" formmethod="get">
-{% if current_user.admin %}
-  <input class="btn btn-light" type="submit" value="{{ _('Delete image') }}"
-         form="imagesForm" formaction="{{ url_for('action_image_delete') }}" formmethod="get">
+{% if current_user.is_authenticated %}
+    <input class="btn btn-light" type="submit" value="{{ _('Image details') }}"
+        form="imagesForm" formaction="{{ url_for('action_image_info') }}" formmethod="get">
+    <input class="btn btn-light" type="submit" value="{{ _('List images') }}"
+        form="imagesForm" formaction="{{ url_for('action_image_list') }}" formmethod="get">
+    {% if current_user.get_permission('IMAGE', 'DELETE') %}
+    <input class="btn btn-light" type="submit" value="{{ _('Delete image') }}"
+        form="imagesForm" formaction="{{ url_for('action_image_delete') }}" formmethod="get">
+    {% endif %}
 {% endif %}
   {% if btn_back %}
     <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
diff --git a/ogcp/templates/repos.html b/ogcp/templates/repos.html
index ef56d2a..06bee58 100644
--- a/ogcp/templates/repos.html
+++ b/ogcp/templates/repos.html
@@ -50,14 +50,22 @@
 {% endblock %}
 
 {% block commands %}
-  <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
-         form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
-  <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
-         form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
-  <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
-         form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
-  <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
-         form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+{% if current_user.is_authenticated %}
+    <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
+        form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
+    {% if current_user.get_permission('REPOSITORY', 'ADD') %}
+    <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
+        form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
+    {% endif %}
+    {% if current_user.get_permission('REPOSITORY', 'DELETE') %}
+    <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
+        form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
+    {% endif %}
+    {% if current_user.get_permission('REPOSITORY', 'UPDATE') %}
+    <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
+        form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+    {% endif %}
+{% endif %}
 
   {% if btn_back %}
     <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
diff --git a/ogcp/templates/scopes.html b/ogcp/templates/scopes.html
index dc5eb71..8236877 100644
--- a/ogcp/templates/scopes.html
+++ b/ogcp/templates/scopes.html
@@ -16,72 +16,103 @@
 {% endblock %}
 
 {% block commands %}
-  {% if current_user.is_authenticated %}
+{% if current_user.is_authenticated %}
+
+  {% if not current_user.target_is_disabled('CLIENT') %}
   <div class="dropdown btn">
     <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_client %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
         {{ _('Client') }}
     </button>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+      {% if current_user.get_permission('CLIENT', 'ADD') %}
       <input class="btn btn-light dropdown-item {% block nav_client_add %}{% endblock %}" type="submit" value="{{ _('Add client') }}"
-             form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get">
+      {% endif %}
       <input class="btn btn-light dropdown-item {% block nav_client_update %}{% endblock %}" type="submit" value="{{ _('Update client') }}"
              form="scopesForm" formaction="{{ url_for('action_client_update') }}" formmethod="get">
+      {% if current_user.get_permission('CLIENT', 'UPDATE') %}
       <input class="btn btn-light dropdown-item {% block nav_client_move %}{% endblock %}" type="submit" value="{{ _('Move client') }}"
-             form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('CLIENT', 'ADD') %}
       <input class="btn btn-light dropdown-item {% block nav_clients_import %}{% endblock %}" type="submit" value="{{ _('Import clients') }}"
-             form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('CLIENT', 'DELETE') %}
       <input class="btn btn-light dropdown-item {% block nav_client_delete %}{% endblock %}" type="submit" value="{{ _('Delete client') }}"
-             form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get">
+      {% endif %}
     </div>
   </div>
   {% endif %}
-  {% if current_user.admin %}
+
   <div class="dropdown btn">
     <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_room %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
         {{ _('Room') }}
     </button>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+      {% if current_user.get_permission('ROOM', 'ADD') %}
       <input class="btn btn-light dropdown-item {% block nav_room_add %}{% endblock %}" type="submit" value="{{ _('Add room') }}"
-             form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('ROOM', 'UPDATE') %}
       <input class="btn btn-light dropdown-item {% block nav_room_update %}{% endblock %}" type="submit" value="{{ _('Update room') }}"
-             form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('ROOM', 'DELETE') %}
       <input class="btn btn-light dropdown-item {% block nav_room_delete %}{% endblock %}" type="submit" value="{{ _('Delete room') }}"
-             form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get">
+      {% endif %}
       <input class="btn btn-light dropdown-item {% block nav_room_info %}{% endblock %}" type="submit" value="{{ _('Room details') }}"
              form="scopesForm" formaction="{{ url_for('action_room_info') }}" formmethod="get">
     </div>
   </div>
+
   <div class="dropdown btn">
     <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_center %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
         {{ _('Center') }}
     </button>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+      {% if current_user.get_permission('CENTER', 'ADD') %}
       <input class="btn btn-light dropdown-item {% block nav_center_add %}{% endblock %}" type="submit" value="{{ _('Add center') }}"
-             form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('CENTER', 'UPDATE') %}
       <input class="btn btn-light dropdown-item {% block nav_center_update %}{% endblock %}" type="submit" value="{{ _('Update center') }}"
-             form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('CENTER', 'DELETE') %}
       <input class="btn btn-light dropdown-item {% block nav_center_delete %}{% endblock %}" type="submit" value="{{ _('Delete center') }}"
-             form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get">
+      form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get">
+      {% endif %}
       <input class="btn btn-light dropdown-item {% block nav_center_info %}{% endblock %}" type="submit" value="{{ _('Center details') }}"
              form="scopesForm" formaction="{{ url_for('action_center_info') }}" formmethod="get">
     </div>
   </div>
 
+  {% if not current_user.target_is_disabled('FOLDER') %}
   <div class="dropdown btn">
     <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_folder %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
         {{ _('Folder') }}
     </button>
     <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+      {% if current_user.get_permission('FOLDER', 'ADD') %}
       <input class="btn btn-light dropdown-item {% block nav_folder_add %}{% endblock %}" type="submit" value="{{ _('Add folder') }}"
         form="scopesForm" formaction="{{ url_for('action_folder_add') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('FOLDER', 'UPDATE') %}
       <input class="btn btn-light dropdown-item {% block nav_folder_update %}{% endblock %}" type="submit" value="{{ _('Update folder') }}"
         form="scopesForm" formaction="{{ url_for('action_folder_update') }}" formmethod="get">
+      {% endif %}
+      {% if current_user.get_permission('FOLDER', 'DELETE') %}
       <input class="btn btn-light dropdown-item {% block nav_folder_delete %}{% endblock %}" type="submit" value="{{ _('Delete folder') }}"
         form="scopesForm" formaction="{{ url_for('action_folder_delete') }}" formmethod="get">
+      {% endif %}
     </div>
   </div>
-
   {% endif %}
+{% endif %}
+
   {% if btn_back %}
     <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
       {{ _("Back") }}
diff --git a/ogcp/templates/servers.html b/ogcp/templates/servers.html
index 9a466ea..bc09c4f 100644
--- a/ogcp/templates/servers.html
+++ b/ogcp/templates/servers.html
@@ -25,6 +25,7 @@
 {% endblock %}
 
 {% block commands %}
+{% if current_user.is_authenticated %}
   <input class="btn btn-light {% block nav_server_add %}{% endblock %}" type="submit" value="{{ _('Add server') }}"
          form="serversForm" formaction="{{ url_for('server_add_get') }}" formmethod="get">
   <input class="btn btn-light {% block nav_server_delete %}{% endblock %}" type="submit" value="{{ _('Delete server') }}"
@@ -34,5 +35,6 @@
       {{ _("Back") }}
     </button>
   {% endif %}
+{% endif %}
 {% endblock %}
 
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index 72f23f3..01b0a60 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -24,6 +24,7 @@
 {% endblock %}
 
 {% block commands %}
+{% if current_user.is_authenticated %}
   <input class="btn btn-light {% block nav_user_add %}{% endblock %}" type="submit" value="{{ _('Add user') }}"
          form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
   <input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
@@ -35,5 +36,6 @@
       {{ _("Back") }}
     </button>
   {% endif %}
+{% endif %}
 {% endblock %}
 
diff --git a/ogcp/views.py b/ogcp/views.py
index 45a0f73..9868e78 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -311,7 +311,7 @@ def get_scopes(ips=set()):
         list_scopes.append(server_scope)
     all_scopes = {'scope': list_scopes}
     all_scopes = sort_scopes(all_scopes)
-    if current_user.scopes:
+    if not current_user.admin and current_user.scopes:
         remove_disabled_scopes(all_scopes)
     clients = get_clients()
     add_state_and_ips(all_scopes, clients['clients'], ips)
@@ -369,7 +369,10 @@ def load_user(username):
     if not user_dict:
         return None
 
-    user = User(username, user_dict.get('SCOPES'), user_dict.get('ADMIN'))
+    user = User(username,
+                user_dict.get('SCOPES'),
+                user_dict.get('ADMIN'),
+                user_dict.get('PERMISSIONS', {}))
     return user
 
 @app.errorhandler(404)
@@ -458,7 +461,10 @@ def login():
         user_dict = authenticate_user(form_user, pwd_hash)
         if not user_dict:
             return render_template('auth/login.html', form=form)
-        user = User(form_user, user_dict.get('SCOPES'), user_dict.get('ADMIN'))
+        user = User(form_user,
+                    user_dict.get('SCOPES'),
+                    user_dict.get('ADMIN'),
+                    user_dict.get('PERMISSIONS', {}))
         login_user(user)
         return redirect(url_for('index'))
     return render_template('auth/login.html', form=LoginForm())
@@ -3027,6 +3033,38 @@ def save_user(form, preserve_pwd):
         'PASS': pwd_hash,
         'ADMIN': admin,
         'SCOPES': scopes,
+        'PERMISSIONS': {
+            'CLIENT': {
+                'ADD': form.client_permissions.add.data,
+                'UPDATE': form.client_permissions.update.data,
+                'DELETE': form.client_permissions.delete.data,
+            },
+            'CENTER': {
+                'ADD': form.center_permissions.add.data,
+                'UPDATE': form.center_permissions.update.data,
+                'DELETE': form.center_permissions.delete.data,
+            },
+            'ROOM': {
+                'ADD': form.room_permissions.add.data,
+                'UPDATE': form.room_permissions.update.data,
+                'DELETE': form.room_permissions.delete.data,
+            },
+            'FOLDER': {
+                'ADD': form.folder_permissions.add.data,
+                'UPDATE': form.folder_permissions.update.data,
+                'DELETE': form.folder_permissions.delete.data,
+            },
+            'IMAGE': {
+                'ADD': form.image_permissions.add.data,
+                'UPDATE': form.image_permissions.update.data,
+                'DELETE': form.image_permissions.delete.data,
+            },
+            'REPOSITORY': {
+                'ADD': form.repository_permissions.add.data,
+                'UPDATE': form.repository_permissions.update.data,
+                'DELETE': form.repository_permissions.delete.data,
+            },
+        },
     }
 
     filename = os.path.join(app.root_path, ogcp_cfg_path)
@@ -3110,6 +3148,34 @@ def user_edit_get():
     form.username.render_kw = {'readonly': True}
     form.admin.data = user.get('ADMIN')
     form.scopes.data = user.get('SCOPES')
+
+    if 'PERMISSIONS' in user:
+        permissions = user.get('PERMISSIONS')
+
+        def get_permission(target, action):
+            if not target in permissions:
+                return True
+            return permissions[target].get(action, True)
+
+        form.client_permissions.add.data    = get_permission('CLIENT', 'ADD')
+        form.client_permissions.update.data = get_permission('CLIENT', 'UPDATE')
+        form.client_permissions.delete.data = get_permission('CLIENT', 'DELETE')
+        form.center_permissions.add.data    = get_permission('CENTER', 'ADD')
+        form.center_permissions.update.data = get_permission('CENTER', 'UPDATE')
+        form.center_permissions.delete.data = get_permission('CENTER', 'DELETE')
+        form.room_permissions.add.data    = get_permission('ROOM', 'ADD')
+        form.room_permissions.update.data = get_permission('ROOM', 'UPDATE')
+        form.room_permissions.delete.data = get_permission('ROOM', 'DELETE')
+        form.folder_permissions.add.data    = get_permission('FOLDER', 'ADD')
+        form.folder_permissions.update.data = get_permission('FOLDER', 'UPDATE')
+        form.folder_permissions.delete.data = get_permission('FOLDER', 'DELETE')
+        form.image_permissions.add.data    = get_permission('IMAGE', 'ADD')
+        form.image_permissions.update.data = get_permission('IMAGE', 'UPDATE')
+        form.image_permissions.delete.data = get_permission('IMAGE', 'DELETE')
+        form.repository_permissions.add.data    = get_permission('REPOSITORY', 'ADD')
+        form.repository_permissions.update.data = get_permission('REPOSITORY', 'UPDATE')
+        form.repository_permissions.delete.data = get_permission('REPOSITORY', 'DELETE')
+
     form.scopes.choices = get_available_centers()
 
     return render_template('auth/edit_user.html', form=form)

	{{ form.client_permissions.add.label.text }}	{{ form.client_permissions.update.label.text }}	{{ form.client_permissions.delete.label.text }}
{{ form.client_permissions.label }}	{{ form.client_permissions.add() }}	{{ form.client_permissions.update() }}	{{ form.client_permissions.delete() }}
{{ form.center_permissions.label }}	{{ form.center_permissions.add() }}	{{ form.center_permissions.update() }}	{{ form.center_permissions.delete() }}
{{ form.room_permissions.label }}	{{ form.room_permissions.add() }}	{{ form.room_permissions.update() }}	{{ form.room_permissions.delete() }}
{{ form.folder_permissions.label }}	{{ form.folder_permissions.add() }}	{{ form.folder_permissions.update() }}	{{ form.folder_permissions.delete() }}
{{ form.image_permissions.label }}	{{ form.image_permissions.add() }}	{{ form.image_permissions.update() }}	{{ form.image_permissions.delete() }}
{{ form.repository_permissions.label }}	{{ form.repository_permissions.add() }}	{{ form.repository_permissions.update() }}	{{ form.repository_permissions.delete() }}