diff --git a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/ComponentLogController.java b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/ComponentLogController.java
index 2165b55e0..28081d69b 100644
--- a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/ComponentLogController.java
+++ b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/ComponentLogController.java
@@ -1,6 +1,7 @@
 package com.iqser.red.persistence.service.v1.external.api.impl.controller;
 
 import static com.iqser.red.service.persistence.management.v1.processor.roles.ActionRoles.GET_RSS;
+import static com.iqser.red.service.persistence.management.v1.processor.roles.ActionRoles.READ_REDACTION_LOG;
 
 import java.util.List;
 import java.util.Map;
@@ -43,6 +44,7 @@ public class ComponentLogController implements ComponentLogResource {
 
 
     @Override
+    @PreAuthorize("hasAuthority('" + READ_REDACTION_LOG + "')")
     public ComponentLog getComponentLog(String dossierId, String fileId, boolean includeOverrides) {
 
         accessControlService.checkDossierExistenceAndViewPermissionsToDossier(dossierId);
diff --git a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/UploadController.java b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/UploadController.java
index f57d0a1c1..9a50bec1f 100644
--- a/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/UploadController.java
+++ b/persistence-service-v1/persistence-service-external-api-impl-v1/src/main/java/com/iqser/red/persistence/service/v1/external/api/impl/controller/UploadController.java
@@ -1,5 +1,6 @@
 package com.iqser.red.persistence.service.v1.external.api.impl.controller;
 
+import static com.iqser.red.service.persistence.management.v1.processor.roles.ActionRoles.UPLOAD_FILE;
 import static com.iqser.red.service.persistence.management.v1.processor.service.FeignExceptionHandler.processFeignException;
 
 import java.io.ByteArrayOutputStream;
@@ -15,6 +16,7 @@ import java.util.UUID;
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipFile;
 import org.apache.commons.io.IOUtils;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RequestPart;
@@ -96,6 +98,7 @@ public class UploadController implements UploadResource {
     }
 
 
+    @PreAuthorize("hasAuthority('" + UPLOAD_FILE + "')")
     public void importRedactions(@RequestPart(name = "file") MultipartFile file,
                                  @PathVariable(DOSSIER_ID) String dossierId,
                                  @PathVariable(FILE_ID) String fileId,