diff --git a/infoscreen/views.py b/infoscreen/views.py
index ba583e2..f071bf4 100644
--- a/infoscreen/views.py
+++ b/infoscreen/views.py
@@ -3,6 +3,7 @@ from django.http import HttpResponse,HttpResponseBadRequest
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.decorators.http import require_http_methods
 from django.contrib.contenttypes.models import ContentType
+from django.contrib.auth.decorators import permission_required 
 from django.utils import timezone
 
 from infoscreen.models import ABBJob, Rotation, InfoItem, InfoInstance
@@ -11,9 +12,11 @@ from infoscreen.models import ImageUploadForm
 
 from datetime import datetime, timedelta
 import json
+
 def index(request,idx, *args, **kwargs):
     return render(request, 'infoscreen_index.html',{'rotation':idx})
 
+@permission_required('infoscreen.change_infoinstance', login_url='/login')
 def admin(request, *args, **kwargs):
     return render(request,'infoscreen_admin.html',{})
 
@@ -47,6 +50,7 @@ def rotation(request, idx, *args, **kwargs):
 def itemCreator(model):
     @ensure_csrf_cookie
     @require_http_methods(["POST"])
+    @permission_required('infoscreen.change_infoinstance', login_url='/login')
     def createItem(request,*args, **kwargs):
         try:
             data = json.loads(request.body.decode("utf-8"))
@@ -62,6 +66,7 @@ def itemCreator(model):
 def itemDeletor(model):
     @ensure_csrf_cookie
     @require_http_methods(["DELETE"])
+    @permission_required('infoscreen.change_infoinstance', login_url='/login')
     def deleteItem(request,*args, **kwargs):
         idx = kwargs.pop("idx", 0)
         try:
@@ -81,6 +86,7 @@ def itemDeletor(model):
 
 # due to model structure this is little complicated
 @ensure_csrf_cookie
+@permission_required('infoscreen.change_infoinstance', login_url='/login')
 @require_http_methods(["DELETE"])
 def deleteInfoItem(request,*args, **kwargs):
     type_id = kwargs.pop("type_id", 0)
@@ -125,6 +131,7 @@ def infoItems(request, *args, **kwargs):
     return HttpResponse(json.dumps(items))
 
 @require_http_methods(["POST"])
+@permission_required('infoscreen.change_infoinstance', login_url='/login')
 def createImageItem(request, *args, **kwargs):
     form = ImageUploadForm(request.POST,request.FILES)
     if not form.is_valid():