From 56235e65f163f1e907800c4396f5c7f064dd3fbe Mon Sep 17 00:00:00 2001
From: Dan Percic <dan@devplant.ro>
Date: Sun, 13 Nov 2022 13:37:24 +0200
Subject: [PATCH] RED-5482: wip permissions

---
 .../default-colors-screen.component.html      |  4 +--
 .../default-colors-screen.component.ts        | 17 ++++++++++---
 .../digital-signature-screen.component.html   |  3 ++-
 ...r-attributes-listing-screen.component.html | 12 ++++-----
 ...ier-attributes-listing-screen.component.ts | 11 +++++---
 .../dictionary-screen.component.html          |  2 +-
 .../dictionary/dictionary-screen.component.ts | 16 ++++++------
 ...e-attributes-listing-screen.component.html | 18 ++++++-------
 ...ile-attributes-listing-screen.component.ts | 10 +++++---
 .../justifications-screen.component.html      |  6 ++---
 .../justifications-screen.component.ts        |  9 +++----
 .../table-item/table-item.component.html      |  2 +-
 .../table-item/table-item.component.ts        |  7 +++---
 .../license-screen.component.ts               |  1 +
 .../license-select.component.html             |  8 +++++-
 .../license-select.component.ts               |  5 +++-
 .../reports-screen.component.html             | 16 ++++++++----
 .../reports-screen.component.ts               | 10 +++++---
 .../admin/screens/reports/reports.module.ts   |  3 ++-
 .../watermark-screen.component.html           |  2 +-
 .../watermark-screen.component.ts             | 25 +++++++++++++------
 .../screens/watermark/watermark.module.ts     |  2 ++
 .../watermarks-listing-screen.component.html  |  8 +++---
 .../watermarks-listing-screen.component.ts    | 16 ++++++------
 .../src/app/services/permissions.service.ts   | 20 +++++++++++++--
 apps/red-ui/src/app/users/roles.ts            |  1 +
 26 files changed, 148 insertions(+), 86 deletions(-)

diff --git a/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.html
index 99a4580af..12a96582e 100644
--- a/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.html
@@ -39,10 +39,10 @@
             <div class="action-buttons">
                 <iqser-circle-button
                     (action)="openEditColorDialog($event, entity)"
-                    *ngIf="currentUser.isAdmin"
+                    *allow="roles.colors.write; if: currentUser.isAdmin"
+                    [iqserHelpMode]="'default_colors'"
                     [tooltip]="'default-colors-screen.action.edit' | translate"
                     [type]="circleButtonTypes.dark"
-                    [iqserHelpMode]="'default_colors'"
                     icon="iqser:edit"
                 ></iqser-circle-button>
             </div>
diff --git a/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.ts
index a7a3fce5d..e5d3f56b8 100644
--- a/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/default-colors/default-colors-screen.component.ts
@@ -1,13 +1,21 @@
 import { ChangeDetectionStrategy, Component } from '@angular/core';
-import { DefaultColorTypes, DOSSIER_TEMPLATE_ID } from '@red/domain';
+import { DefaultColorTypes, DOSSIER_TEMPLATE_ID, User } from '@red/domain';
 import { AdminDialogService } from '../../services/admin-dialog.service';
-import { CircleButtonTypes, getParam, IListable, ListingComponent, listingProvidersFactory, TableColumnConfig } from '@iqser/common-ui';
+import {
+    CircleButtonTypes,
+    getCurrentUser,
+    getParam,
+    IListable,
+    ListingComponent,
+    listingProvidersFactory,
+    TableColumnConfig,
+} from '@iqser/common-ui';
 import { defaultColorsTranslations } from '@translations/default-colors-translations';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
-import { getCurrentUser } from '@users/user.service';
 import { combineLatest } from 'rxjs';
 import { map, tap } from 'rxjs/operators';
 import { DefaultColorsService } from '@services/entity-services/default-colors.service';
+import { ROLES } from '@users/roles';
 
 interface ListItem extends IListable {
     readonly key: string;
@@ -22,7 +30,8 @@ interface ListItem extends IListable {
 })
 export class DefaultColorsScreenComponent extends ListingComponent<ListItem> {
     readonly circleButtonTypes = CircleButtonTypes;
-    readonly currentUser = getCurrentUser();
+    readonly currentUser = getCurrentUser<User>();
+    readonly roles = ROLES;
     readonly translations = defaultColorsTranslations;
     readonly tableHeaderLabel = _('default-colors-screen.table-header.title');
     readonly tableColumnConfigs: TableColumnConfig<ListItem>[] = [
diff --git a/apps/red-ui/src/app/modules/admin/screens/digital-signature/digital-signature-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/digital-signature/digital-signature-screen.component.html
index 34d0e82a6..913feb8d7 100644
--- a/apps/red-ui/src/app/modules/admin/screens/digital-signature/digital-signature-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/digital-signature/digital-signature-screen.component.html
@@ -1,7 +1,7 @@
 <iqser-page-header
     (closeAction)="routerHistoryService.navigateToLastDossiersScreen()"
     [pageLabel]="'digital-signature' | translate"
-    [showCloseButton]="currentUser.isUser && permissionsService.has$(roles.dossiers.read) | async"
+    [showCloseButton]="currentUser.isUser && (permissionsService.has$(roles.dossiers.read) | async)"
 ></iqser-page-header>
 
 <div class="content-container">
@@ -12,6 +12,7 @@
             [buttonIcon]="null"
             [buttonLabel]="'digital-signature-screen.no-data.action' | translate"
             [helpModeKey]="'digital_signature'"
+            [showButton]="permissionsService.has$(roles.digitalSignature.write) | async"
             [text]="'digital-signature-screen.no-data.title' | translate"
             icon="iqser:document"
         ></iqser-empty-state>
diff --git a/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.html
index fb4cd1b3b..dd3da97cf 100644
--- a/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.html
@@ -28,8 +28,8 @@
                 [noDataButtonLabel]="'dossier-attributes-listing.no-data.action' | translate"
                 [noDataText]="'dossier-attributes-listing.no-data.title' | translate"
                 [noMatchText]="'dossier-attributes-listing.no-match.title' | translate"
-                [selectionEnabled]="true"
-                [showNoDataButton]="currentUser.isAdmin"
+                [selectionEnabled]="canEditDossierAttributes"
+                [showNoDataButton]="canEditDossierAttributes"
                 [tableColumnConfigs]="tableColumnConfigs"
                 emptyColumnWidth="1fr"
                 noDataIcon="red:attribute"
@@ -41,7 +41,7 @@
 <ng-template #bulkActions>
     <iqser-circle-button
         (action)="openConfirmDeleteAttributeDialog($event)"
-        *ngIf="currentUser.isAdmin && listingService.areSomeSelected$ | async"
+        *ngIf="canEditDossierAttributes && (listingService.areSomeSelected$ | async)"
         [tooltip]="'dossier-attributes-listing.bulk.delete' | translate"
         [type]="circleButtonTypes.dark"
         icon="iqser:trash"
@@ -57,10 +57,10 @@
 
         <iqser-icon-button
             (action)="openAddEditAttributeDialog($event)"
-            *ngIf="currentUser.isAdmin"
+            *ngIf="canEditDossierAttributes"
+            [iqserHelpMode]="'create_new_dossier_attribute'"
             [label]="'dossier-attributes-listing.add-new' | translate"
             [type]="iconButtonTypes.primary"
-            [iqserHelpMode]="'create_new_dossier_attribute'"
             icon="iqser:plus"
         ></iqser-icon-button>
     </div>
@@ -87,7 +87,7 @@
         </div>
 
         <div class="cell">
-            <div *ngIf="currentUser.isAdmin" class="action-buttons">
+            <div *ngIf="canEditDossierAttributes" class="action-buttons">
                 <div [iqserHelpMode]="'edit_delete_dossier_attributes'">
                     <iqser-circle-button
                         (action)="openAddEditAttributeDialog($event, attribute)"
diff --git a/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.ts
index 878365d8c..466e2eb36 100644
--- a/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/dossier-attributes-listing/dossier-attributes-listing-screen.component.ts
@@ -1,6 +1,7 @@
 import { Component, OnInit, TemplateRef, ViewChild } from '@angular/core';
 import {
     CircleButtonTypes,
+    getCurrentUser,
     getParam,
     IconButtonTypes,
     ListingComponent,
@@ -12,9 +13,9 @@ import { AdminDialogService } from '../../services/admin-dialog.service';
 import { DossierAttributesService } from '@services/entity-services/dossier-attributes.service';
 import { dossierAttributeTypesTranslations } from '@translations/dossier-attribute-types-translations';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
-import { getCurrentUser } from '@users/user.service';
-import { DOSSIER_TEMPLATE_ID, DossierAttributeConfig, IDossierAttributeConfig } from '@red/domain';
+import { DOSSIER_TEMPLATE_ID, DossierAttributeConfig, IDossierAttributeConfig, User } from '@red/domain';
 import { firstValueFrom } from 'rxjs';
+import { PermissionsService } from '@services/permissions.service';
 
 @Component({
     templateUrl: './dossier-attributes-listing-screen.component.html',
@@ -27,7 +28,7 @@ import { firstValueFrom } from 'rxjs';
 export class DossierAttributesListingScreenComponent extends ListingComponent<DossierAttributeConfig> implements OnInit {
     readonly iconButtonTypes = IconButtonTypes;
     readonly circleButtonTypes = CircleButtonTypes;
-    readonly currentUser = getCurrentUser();
+    readonly currentUser = getCurrentUser<User>();
     readonly translations = dossierAttributeTypesTranslations;
     readonly tableHeaderLabel = _('dossier-attributes-listing.table-header.title');
     readonly tableColumnConfigs: TableColumnConfig<DossierAttributeConfig>[] = [
@@ -36,9 +37,11 @@ export class DossierAttributesListingScreenComponent extends ListingComponent<Do
         { label: _('dossier-attributes-listing.table-col-names.type'), sortByKey: 'type' },
     ];
     @ViewChild('impactedTemplates') impactedTemplatesRef: TemplateRef<unknown>;
-    readonly #dossierTemplateId: string = getParam(DOSSIER_TEMPLATE_ID);
+    readonly canEditDossierAttributes = this.permissionsService.canEditGlobalDossierAttributes();
+    readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
 
     constructor(
+        readonly permissionsService: PermissionsService,
         private readonly _loadingService: LoadingService,
         private readonly _dialogService: AdminDialogService,
         private readonly _dossierAttributesService: DossierAttributesService,
diff --git a/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.html
index ff89234fd..4200737b1 100644
--- a/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.html
@@ -2,7 +2,7 @@
     #dictionaryManager
     (saveDictionary)="save()"
     [canDownload]="permissionsService.canDownloadEntityDictionary()"
-    [canEdit]="currentUser.isAdmin"
+    [canEdit]="currentUser.isAdmin && (iqserPermissionsService.has$(roles.dictionaryEntries.write) | async)"
     [entityType]="entityType"
     [filterByDossierTemplate]="true"
     [initialEntries]="initialEntries$ | async"
diff --git a/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.ts
index 3a7ac6d6e..b5df24952 100644
--- a/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/entities/screens/dictionary/dictionary-screen.component.ts
@@ -2,11 +2,11 @@ import { ChangeDetectionStrategy, Component, OnInit, ViewChild } from '@angular/
 import { ActivatedRoute } from '@angular/router';
 import { DictionaryManagerComponent } from '@shared/components/dictionary-manager/dictionary-manager.component';
 import { DictionaryService } from '@services/entity-services/dictionary.service';
-import { List, LoadingService } from '@iqser/common-ui';
-import { UserService } from '@users/user.service';
+import { getCurrentUser, getParam, IqserPermissionsService, List, LoadingService } from '@iqser/common-ui';
 import { BehaviorSubject, firstValueFrom } from 'rxjs';
 import { DICTIONARY_TO_ENTRY_TYPE_MAP, DICTIONARY_TYPE_KEY_MAP, DictionaryType, DOSSIER_TEMPLATE_ID, ENTITY_TYPE, User } from '@red/domain';
 import { PermissionsService } from '@services/permissions.service';
+import { ROLES } from '@users/roles';
 
 @Component({
     templateUrl: './dictionary-screen.component.html',
@@ -14,25 +14,23 @@ import { PermissionsService } from '@services/permissions.service';
     changeDetection: ChangeDetectionStrategy.OnPush,
 })
 export class DictionaryScreenComponent implements OnInit {
-    readonly currentUser: User;
+    readonly currentUser = getCurrentUser<User>();
+    readonly roles = ROLES;
     readonly initialEntries$ = new BehaviorSubject<string[]>([]);
     isLeavingPage = false;
     readonly type: DictionaryType;
-    readonly entityType: string;
-    readonly #dossierTemplateId: string;
+    readonly entityType = getParam(ENTITY_TYPE);
+    readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
     @ViewChild('dictionaryManager', { static: false })
     private readonly _dictionaryManager: DictionaryManagerComponent;
 
     constructor(
         readonly route: ActivatedRoute,
-        readonly userService: UserService,
         readonly permissionsService: PermissionsService,
+        readonly iqserPermissionsService: IqserPermissionsService,
         private readonly _loadingService: LoadingService,
         private readonly _dictionaryService: DictionaryService,
     ) {
-        this.currentUser = userService.currentUser;
-        this.#dossierTemplateId = route.parent.snapshot.paramMap.get(DOSSIER_TEMPLATE_ID);
-        this.entityType = route.parent.snapshot.paramMap.get(ENTITY_TYPE);
         this.type = route.snapshot.routeConfig.path as DictionaryType;
     }
 
diff --git a/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.html
index d7713fdd4..adc800b6d 100644
--- a/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.html
@@ -26,7 +26,7 @@
                 [itemSize]="80"
                 [noDataText]="'file-attributes-listing.no-data.title' | translate"
                 [noMatchText]="'file-attributes-listing.no-match.title' | translate"
-                [selectionEnabled]="true"
+                [selectionEnabled]="permissionsService.canEditGlobalFileAttributes()"
                 [tableColumnConfigs]="tableColumnConfigs"
                 emptyColumnWidth="1fr"
                 noDataIcon="red:attribute"
@@ -46,7 +46,7 @@
 <ng-template #bulkActions>
     <iqser-circle-button
         (click)="openConfirmDeleteAttributeDialog($event)"
-        *ngIf="currentUser.isAdmin && (listingService.areSomeSelected$ | async)"
+        *ngIf="permissionsService.canEditGlobalFileAttributes() && (listingService.areSomeSelected$ | async)"
         [tooltip]="'file-attributes-listing.bulk-actions.delete' | translate"
         [type]="circleButtonTypes.dark"
         icon="iqser:trash"
@@ -64,30 +64,30 @@
 
         <iqser-circle-button
             (action)="fileInput.click()"
-            *ngIf="currentUser.isAdmin"
+            *allow="roles.fileAttributes.writeConfig; if: currentUser.isAdmin"
+            [iqserHelpMode]="'upload_file_attribute'"
             [tooltip]="'file-attributes-listing.upload-csv' | translate"
             [type]="circleButtonTypes.dark"
-            [iqserHelpMode]="'upload_file_attribute'"
             icon="iqser:upload"
             tooltipPosition="above"
         ></iqser-circle-button>
 
         <iqser-circle-button
             (action)="openConfigurationsDialog($event)"
-            *ngIf="currentUser.isAdmin"
+            *allow="roles.fileAttributes.writeConfig; if: currentUser.isAdmin"
+            [iqserHelpMode]="'upload_file_attribute'"
             [tooltip]="'file-attributes-listing.configurations' | translate"
             [type]="circleButtonTypes.dark"
-            [iqserHelpMode]="'upload_file_attribute'"
             icon="iqser:settings"
             tooltipPosition="above"
         ></iqser-circle-button>
 
         <iqser-icon-button
             (action)="openAddEditAttributeDialog($event)"
-            *ngIf="currentUser.isAdmin"
+            *ngIf="permissionsService.canEditGlobalFileAttributes()"
+            [iqserHelpMode]="'create_new_file_attribute'"
             [label]="'file-attributes-listing.add-new' | translate"
             [type]="iconButtonTypes.primary"
-            [iqserHelpMode]="'create_new_file_attribute'"
             icon="iqser:plus"
         ></iqser-icon-button>
     </div>
@@ -129,7 +129,7 @@
         </div>
 
         <div class="cell">
-            <div *ngIf="currentUser.isAdmin" class="action-buttons">
+            <div *ngIf="permissionsService.canEditGlobalFileAttributes()" class="action-buttons">
                 <div [iqserHelpMode]="'edit_delete_file_attribute'">
                     <iqser-circle-button
                         (action)="openAddEditAttributeDialog($event, attribute)"
diff --git a/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.ts
index 9fb79a39b..92d751251 100644
--- a/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/file-attributes-listing/file-attributes-listing-screen.component.ts
@@ -2,6 +2,7 @@ import { ChangeDetectionStrategy, Component, ElementRef, OnDestroy, OnInit, Temp
 import { AdminDialogService } from '../../services/admin-dialog.service';
 import {
     CircleButtonTypes,
+    getCurrentUser,
     getParam,
     IconButtonTypes,
     ListingComponent,
@@ -11,13 +12,14 @@ import {
     Toaster,
 } from '@iqser/common-ui';
 import { fileAttributeTypesTranslations } from '@translations/file-attribute-types-translations';
-import { getCurrentUser } from '@users/user.service';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
-import { DOSSIER_TEMPLATE_ID, FileAttributeConfig, IFileAttributeConfig, IFileAttributesConfig } from '@red/domain';
+import { DOSSIER_TEMPLATE_ID, FileAttributeConfig, IFileAttributeConfig, IFileAttributesConfig, User } from '@red/domain';
 import { FileAttributesService } from '@services/entity-services/file-attributes.service';
 import { HttpStatusCode } from '@angular/common/http';
 import { firstValueFrom } from 'rxjs';
 import { DossierTemplatesService } from '@services/dossier-templates/dossier-templates.service';
+import { PermissionsService } from '@services/permissions.service';
+import { ROLES } from '@users/roles';
 
 @Component({
     templateUrl: './file-attributes-listing-screen.component.html',
@@ -28,7 +30,7 @@ import { DossierTemplatesService } from '@services/dossier-templates/dossier-tem
 export class FileAttributesListingScreenComponent extends ListingComponent<FileAttributeConfig> implements OnInit, OnDestroy {
     readonly iconButtonTypes = IconButtonTypes;
     readonly circleButtonTypes = CircleButtonTypes;
-    readonly currentUser = getCurrentUser();
+    readonly currentUser = getCurrentUser<User>();
     readonly translations = fileAttributeTypesTranslations;
     readonly tableHeaderLabel = _('file-attributes-listing.table-header.title');
     readonly tableColumnConfigs: TableColumnConfig<FileAttributeConfig>[] = [
@@ -45,12 +47,14 @@ export class FileAttributesListingScreenComponent extends ListingComponent<FileA
             rightIconTooltip: _('file-attributes-listing.table-col-names.primary-info-tooltip'),
         },
     ];
+    readonly roles = ROLES;
     @ViewChild('impactedTemplates') private readonly _impactedTemplatesRef: TemplateRef<unknown>;
     #existingConfiguration: IFileAttributesConfig;
     @ViewChild('fileInput') private _fileInput: ElementRef;
     readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
 
     constructor(
+        readonly permissionsService: PermissionsService,
         private readonly _toaster: Toaster,
         private readonly _loadingService: LoadingService,
         private readonly _dialogService: AdminDialogService,
diff --git a/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.html
index 8ad7ac075..016817b83 100644
--- a/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.html
@@ -3,7 +3,7 @@
     [headerTemplate]="headerTemplate"
     [itemSize]="80"
     [noDataText]="'justifications-listing.no-data.title' | translate"
-    [selectionEnabled]="canUpdateJustifications"
+    [selectionEnabled]="canAddEditJustifications"
     [tableColumnConfigs]="tableColumnConfigs"
     noDataIcon="iqser:document"
 ></iqser-table>
@@ -11,7 +11,7 @@
 <ng-template #bulkActions>
     <iqser-circle-button
         (action)="openConfirmDeleteDialog()"
-        *ngIf="canUpdateJustifications && listingService.areSomeSelected$ | async"
+        *ngIf="canAddEditJustifications && listingService.areSomeSelected$ | async"
         [tooltip]="'justifications-listing.bulk.delete' | translate"
         [type]="circleButtonTypes.dark"
         icon="iqser:trash"
@@ -26,7 +26,7 @@
     <div class="table-header-actions">
         <iqser-icon-button
             (action)="openAddJustificationDialog()"
-            *ngIf="canUpdateJustifications"
+            *ngIf="canAddEditJustifications"
             [label]="'justifications-listing.add-new' | translate"
             [type]="iconButtonTypes.primary"
             icon="iqser:plus"
diff --git a/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.ts
index 83f9710f4..7a31b9ff1 100644
--- a/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/justifications/justifications-screen/justifications-screen.component.ts
@@ -13,9 +13,9 @@ import {
 import { DOSSIER_TEMPLATE_ID, Justification } from '@red/domain';
 import { JustificationsService } from '@services/entity-services/justifications.service';
 import { JustificationsDialogService } from '../justifications-dialog.service';
-import { getCurrentUser } from '@users/user.service';
 import { UserPreferenceService } from '@users/user-preference.service';
 import { firstValueFrom } from 'rxjs';
+import { PermissionsService } from '@services/permissions.service';
 
 @Component({
     selector: 'redaction-justifications-screen',
@@ -36,7 +36,7 @@ export class JustificationsScreenComponent extends ListingComponent<Justificatio
         { label: _('justifications-listing.table-col-names.reason'), sortByKey: 'reason' },
         { label: _('justifications-listing.table-col-names.description'), width: '2fr' },
     ];
-    readonly #currentUser = getCurrentUser();
+    readonly canAddEditJustifications = this.permissionsService.canAddEditJustifications();
     readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
 
     constructor(
@@ -44,14 +44,11 @@ export class JustificationsScreenComponent extends ListingComponent<Justificatio
         private readonly _loadingService: LoadingService,
         private readonly _dialogService: JustificationsDialogService,
         readonly userPreferenceService: UserPreferenceService,
+        readonly permissionsService: PermissionsService,
     ) {
         super();
     }
 
-    get canUpdateJustifications(): boolean {
-        return this.userPreferenceService.areDevFeaturesEnabled && this.#currentUser.isAdmin;
-    }
-
     async ngOnInit(): Promise<void> {
         this._loadingService.start();
         await firstValueFrom(this._justificationService.loadAll(this.#dossierTemplateId));
diff --git a/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.html b/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.html
index fcc79db5a..e386a03e8 100644
--- a/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.html
@@ -14,7 +14,7 @@
     </span>
 
     <div class="action-buttons">
-        <ng-container *ngIf="userPreferenceService.areDevFeaturesEnabled && (currentUser$ | async).isAdmin">
+        <ng-container *ngIf="canAddEditJustifications">
             <iqser-circle-button
                 (action)="openEditJustificationDialog()"
                 [tooltip]="'justifications-listing.actions.edit' | translate"
diff --git a/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.ts b/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.ts
index 0d22e7ef1..0a42e11e0 100644
--- a/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/justifications/table-item/table-item.component.ts
@@ -2,8 +2,7 @@ import { ChangeDetectionStrategy, Component, inject, Input } from '@angular/core
 import { DOSSIER_TEMPLATE_ID, Justification } from '@red/domain';
 import { CircleButtonTypes, getParam } from '@iqser/common-ui';
 import { JustificationsDialogService } from '../justifications-dialog.service';
-import { UserService } from '@users/user.service';
-import { UserPreferenceService } from '@users/user-preference.service';
+import { PermissionsService } from '@services/permissions.service';
 
 @Component({
     selector: 'redaction-table-item',
@@ -13,10 +12,10 @@ import { UserPreferenceService } from '@users/user-preference.service';
 export class TableItemComponent {
     readonly circleButtonTypes = CircleButtonTypes;
     @Input() justification: Justification;
-    readonly currentUser$ = inject(UserService).currentUser$;
+    readonly canAddEditJustifications = inject(PermissionsService).canAddEditJustifications();
     readonly #dossierTemplateId: string = getParam(DOSSIER_TEMPLATE_ID);
 
-    constructor(readonly userPreferenceService: UserPreferenceService, private readonly _dialogService: JustificationsDialogService) {}
+    constructor(private readonly _dialogService: JustificationsDialogService) {}
 
     openEditJustificationDialog() {
         this._dialogService.openDialog('addEditJustification', null, {
diff --git a/apps/red-ui/src/app/modules/admin/screens/license/license-screen/license-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/license/license-screen/license-screen.component.ts
index 9f9a29a59..50661839b 100644
--- a/apps/red-ui/src/app/modules/admin/screens/license/license-screen/license-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/license/license-screen/license-screen.component.ts
@@ -23,6 +23,7 @@ export class LicenseScreenComponent implements OnInit {
             action: (): void => this.sendMail(),
             type: IconButtonTypes.primary,
             helpModeKey: 'license_information',
+            hide: !this.permissionsService.has(ROLES.license.readReport),
         },
     ];
 
diff --git a/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.html b/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.html
index 254941a67..6694f8c1f 100644
--- a/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.html
@@ -1,5 +1,11 @@
 <div *ngIf="licenses$ | async as licenses" class="iqser-input-group w-400">
-    <mat-select (valueChange)="licenseChanged($event)" *ngIf="value" [(ngModel)]="value" [iqserHelpMode]="'license_information'">
+    <mat-select
+        (valueChange)="licenseChanged($event)"
+        *ngIf="value"
+        [(ngModel)]="value"
+        [disabled]="isReadonly$ | async"
+        [iqserHelpMode]="'license_information'"
+    >
         <mat-select-trigger>
             <ng-container *ngTemplateOutlet="licenseInfo; context: { license: value }"></ng-container>
         </mat-select-trigger>
diff --git a/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.ts b/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.ts
index ecb78ad6b..bec041580 100644
--- a/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/license/license-select/license-select.component.ts
@@ -3,6 +3,8 @@ import { LicenseService } from '@services/license.service';
 import { ILicense } from '@red/domain';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { map, tap } from 'rxjs/operators';
+import { IqserPermissionsService } from '@iqser/common-ui';
+import { ROLES } from '@users/roles';
 
 const translations = {
     active: _('license-info-screen.status.active'),
@@ -24,8 +26,9 @@ export class LicenseSelectComponent {
             }
         }),
     );
+    readonly isReadonly$ = this._permissionsService.has$(ROLES.license.edit).pipe(map(has => !has));
 
-    constructor(readonly licenseService: LicenseService) {}
+    constructor(readonly licenseService: LicenseService, private readonly _permissionsService: IqserPermissionsService) {}
 
     getStatus(id) {
         return id === this.licenseService.activeLicenseId ? translations.active : translations.inactive;
diff --git a/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.html
index b91496dea..3ca03ab33 100644
--- a/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.html
@@ -23,16 +23,16 @@
 
         <iqser-circle-button
             (action)="fileInput.click()"
-            *ngIf="permissionsService.isAdmin()"
-            [tooltip]="'reports-screen.upload-document' | translate"
+            *allow="roles.reportTemplates.upload; if: currentUser.isAdmin"
             [iqserHelpMode]="'reports'"
+            [tooltip]="'reports-screen.upload-document' | translate"
             icon="iqser:upload"
         ></iqser-circle-button>
     </div>
 
     <div
         (click)="fileInput.click()"
-        *ngIf="permissionsService.isAdmin() && !availableTemplates?.length"
+        *allow="roles.reportTemplates.upload; if: currentUser.isAdmin && !availableTemplates?.length"
         [translate]="'reports-screen.upload-document'"
         class="template upload-button"
     ></div>
@@ -43,11 +43,17 @@
         </div>
 
         <div class="actions">
-            <iqser-circle-button (action)="download(template)" [iconSize]="12" [size]="18" icon="iqser:download"></iqser-circle-button>
+            <iqser-circle-button
+                (action)="download(template)"
+                *allow="roles.reportTemplates.download"
+                [iconSize]="12"
+                [size]="18"
+                icon="iqser:download"
+            ></iqser-circle-button>
 
             <iqser-circle-button
                 (action)="deleteTemplate(template)"
-                *ngIf="permissionsService.isAdmin()"
+                *allow="roles.reportTemplates.delete; if: currentUser.isAdmin"
                 [iconSize]="12"
                 [size]="18"
                 icon="iqser:trash"
diff --git a/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.ts
index 94b6d70d1..d0c835782 100644
--- a/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/reports/reports-screen/reports-screen.component.ts
@@ -1,7 +1,7 @@
 import { ChangeDetectionStrategy, Component, ElementRef, OnInit, ViewChild } from '@angular/core';
-import { DOSSIER_TEMPLATE_ID, IPlaceholdersResponse, IReportTemplate } from '@red/domain';
+import { DOSSIER_TEMPLATE_ID, IPlaceholdersResponse, IReportTemplate, User } from '@red/domain';
 import { download } from '@utils/file-download-utils';
-import { ConfirmationDialogInput, getParam, LoadingService, Toaster } from '@iqser/common-ui';
+import { ConfirmationDialogInput, getCurrentUser, getParam, LoadingService, Toaster } from '@iqser/common-ui';
 import { PermissionsService } from '@services/permissions.service';
 import {
     generalPlaceholdersDescriptionsTranslations,
@@ -12,6 +12,7 @@ import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { AdminDialogService } from '../../../services/admin-dialog.service';
 import { ReportTemplateService } from '@services/report-template.service';
 import { BehaviorSubject, firstValueFrom } from 'rxjs';
+import { ROLES } from '@users/roles';
 
 interface Placeholder {
     placeholder: string;
@@ -31,8 +32,9 @@ const placeholderTypes: PlaceholderType[] = ['generalPlaceholders', 'fileAttribu
 export class ReportsScreenComponent implements OnInit {
     placeholders$ = new BehaviorSubject<Placeholder[]>([]);
     availableTemplates$ = new BehaviorSubject<IReportTemplate[]>([]);
-    readonly #dossierTemplateId: string = getParam(DOSSIER_TEMPLATE_ID);
-
+    readonly currentUser = getCurrentUser<User>();
+    readonly roles = ROLES;
+    readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
     @ViewChild('fileInput') private _fileInput: ElementRef;
 
     constructor(
diff --git a/apps/red-ui/src/app/modules/admin/screens/reports/reports.module.ts b/apps/red-ui/src/app/modules/admin/screens/reports/reports.module.ts
index 3d3b8a97a..6be448070 100644
--- a/apps/red-ui/src/app/modules/admin/screens/reports/reports.module.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/reports/reports.module.ts
@@ -4,7 +4,7 @@ import { RouterModule } from '@angular/router';
 import { SharedModule } from '@shared/shared.module';
 import { ReportsScreenComponent } from './reports-screen/reports-screen.component';
 import { TranslateModule } from '@ngx-translate/core';
-import { IqserButtonsModule, IqserHelpModeModule, IqserScrollbarModule } from '@iqser/common-ui';
+import { IqserButtonsModule, IqserHelpModeModule, IqserPermissionsModule, IqserScrollbarModule } from '@iqser/common-ui';
 
 const routes = [{ path: '', component: ReportsScreenComponent }];
 
@@ -18,6 +18,7 @@ const routes = [{ path: '', component: ReportsScreenComponent }];
         IqserButtonsModule,
         IqserScrollbarModule,
         IqserHelpModeModule,
+        IqserPermissionsModule,
     ],
 })
 export class ReportsModule {}
diff --git a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.html
index 703c33672..8bc3c616d 100644
--- a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.html
@@ -1,6 +1,6 @@
 <div class="content-container">
     <div #viewer class="viewer"></div>
-    <div *ngIf="changed && permissionsService.isAdmin()" class="changes-box">
+    <div *ngIf="changed && currentUser.isAdmin" class="changes-box">
         <iqser-icon-button
             (action)="save()"
             [disabled]="!valid"
diff --git a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.ts
index 6675051bc..0bb1b8d78 100644
--- a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark-screen/watermark-screen.component.ts
@@ -1,10 +1,19 @@
 import { ChangeDetectorRef, Component, ElementRef, Inject, ViewChild } from '@angular/core';
-import { PermissionsService } from '@services/permissions.service';
 import WebViewer, { WebViewerInstance } from '@pdftron/webviewer';
 import { HttpClient } from '@angular/common/http';
 import { UntypedFormBuilder, UntypedFormGroup } from '@angular/forms';
-import { BASE_HREF_FN, BaseHrefFn, Debounce, getParam, IconButtonTypes, LoadingService, Toaster } from '@iqser/common-ui';
-import { DOSSIER_TEMPLATE_ID, IWatermark, WATERMARK_ID, WatermarkOrientation, WatermarkOrientations } from '@red/domain';
+import {
+    BASE_HREF_FN,
+    BaseHrefFn,
+    Debounce,
+    getCurrentUser,
+    getParam,
+    IconButtonTypes,
+    IqserPermissionsService,
+    LoadingService,
+    Toaster,
+} from '@iqser/common-ui';
+import { DOSSIER_TEMPLATE_ID, IWatermark, User, WATERMARK_ID, WatermarkOrientation, WatermarkOrientations } from '@red/domain';
 import { stampPDFPage } from '@utils/page-stamper';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { WatermarkService } from '@services/entity-services/watermark.service';
@@ -14,6 +23,7 @@ import { LicenseService } from '@services/license.service';
 import { UserPreferenceService } from '@users/user-preference.service';
 import { Router } from '@angular/router';
 import { WatermarksMapService } from '@services/entity-services/watermarks-map.service';
+import { ROLES } from '@users/roles';
 
 export const DEFAULT_WATERMARK: Partial<IWatermark> = {
     text: 'Watermark',
@@ -32,9 +42,10 @@ export const DEFAULT_WATERMARK: Partial<IWatermark> = {
 })
 export class WatermarkScreenComponent {
     readonly iconButtonTypes = IconButtonTypes;
-    readonly form: UntypedFormGroup = this._getForm();
+    readonly currentUser = getCurrentUser<User>();
+    readonly form = this._getForm();
     readonly watermark$: Observable<Partial<IWatermark>>;
-    readonly #dossierTemplateId: string = getParam(DOSSIER_TEMPLATE_ID);
+    readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
     readonly #watermarkId = Number(getParam(WATERMARK_ID));
     private _instance: WebViewerInstance;
     private _watermark: Partial<IWatermark> = {};
@@ -45,7 +56,7 @@ export class WatermarkScreenComponent {
         private readonly _http: HttpClient,
         private readonly _toaster: Toaster,
         private readonly _formBuilder: UntypedFormBuilder,
-        readonly permissionsService: PermissionsService,
+        readonly permissionsService: IqserPermissionsService,
         private readonly _loadingService: LoadingService,
         private readonly _licenseService: LicenseService,
         @Inject(BASE_HREF_FN) private readonly _convertPath: BaseHrefFn,
@@ -210,7 +221,7 @@ export class WatermarkScreenComponent {
             orientation: [null],
         });
 
-        if (!this.permissionsService.isAdmin()) {
+        if (!this.currentUser.isAdmin || !this.permissionsService.has(ROLES.watermarks.write)) {
             form.disable();
         }
 
diff --git a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark.module.ts b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark.module.ts
index 2f6dd99b0..b33918c7f 100644
--- a/apps/red-ui/src/app/modules/admin/screens/watermark/watermark.module.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/watermark/watermark.module.ts
@@ -10,6 +10,7 @@ import {
     IqserButtonsModule,
     IqserHelpModeModule,
     IqserListingModule,
+    IqserPermissionsModule,
     IqserScrollbarModule,
     IqserUsersModule,
 } from '@iqser/common-ui';
@@ -57,6 +58,7 @@ const routes = [
         IqserListingModule,
         IqserScrollbarModule,
         IqserHelpModeModule,
+        IqserPermissionsModule,
     ],
 })
 export class WatermarkModule {}
diff --git a/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.html
index f8f384229..cdaadddd8 100644
--- a/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.html
+++ b/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.html
@@ -12,11 +12,11 @@
 <ng-template #headerTemplate>
     <div class="table-header-actions">
         <iqser-icon-button
-            *ngIf="currentUser.isAdmin"
+            *allow="roles.watermarks.write; if: currentUser.isAdmin"
+            [iqserHelpMode]="'create_new_watermark'"
             [label]="'watermarks-listing.add-new' | translate"
             [routerLink]="getRouterLink()"
             [type]="iconButtonTypes.primary"
-            [iqserHelpMode]="'create_new_watermark'"
             icon="iqser:plus"
         ></iqser-icon-button>
     </div>
@@ -32,7 +32,7 @@
             <mat-slide-toggle
                 (toggleChange)="toggleStatus(entity)"
                 [checked]="entity.enabled"
-                [disabled]="!permissionsService.isAdmin()"
+                [disabled]="!currentUser.isAdmin || (permissionsService.has$(roles.watermarks.write) | async) === false"
                 [iqserHelpMode]="'enable_disable_watermark'"
                 color="primary"
             ></mat-slide-toggle>
@@ -66,7 +66,7 @@
 
                     <iqser-circle-button
                         (action)="openConfirmDeleteWatermarkDialog($event, entity)"
-                        *ngIf="currentUser.isAdmin"
+                        *allow="roles.watermarks.write; if: currentUser.isAdmin"
                         [tooltip]="'watermarks-listing.action.delete' | translate"
                         [type]="circleButtonTypes.dark"
                         icon="iqser:trash"
diff --git a/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.ts b/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.ts
index 95c2eae68..ce670246c 100644
--- a/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.ts
+++ b/apps/red-ui/src/app/modules/admin/screens/watermark/watermarks-listing/watermarks-listing-screen.component.ts
@@ -2,22 +2,23 @@ import { ChangeDetectionStrategy, Component } from '@angular/core';
 import {
     CircleButtonTypes,
     ConfirmationDialogInput,
+    getCurrentUser,
     getParam,
     IconButtonTypes,
+    IqserPermissionsService,
     ListingComponent,
     listingProvidersFactory,
     LoadingService,
     TableColumnConfig,
     Toaster,
 } from '@iqser/common-ui';
-import { DOSSIER_TEMPLATE_ID, Watermark } from '@red/domain';
-import { getCurrentUser } from '@users/user.service';
+import { DOSSIER_TEMPLATE_ID, User, Watermark } from '@red/domain';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { firstValueFrom } from 'rxjs';
 import { WatermarkService } from '@services/entity-services/watermark.service';
 import { AdminDialogService } from '../../../services/admin-dialog.service';
 import { WatermarksMapService } from '@services/entity-services/watermarks-map.service';
-import { PermissionsService } from '@services/permissions.service';
+import { ROLES } from '@users/roles';
 
 @Component({
     templateUrl: './watermarks-listing-screen.component.html',
@@ -28,7 +29,8 @@ import { PermissionsService } from '@services/permissions.service';
 export class WatermarksListingScreenComponent extends ListingComponent<Watermark> {
     readonly iconButtonTypes = IconButtonTypes;
     readonly circleButtonTypes = CircleButtonTypes;
-    readonly currentUser = getCurrentUser();
+    readonly currentUser = getCurrentUser<User>();
+    readonly roles = ROLES;
     readonly tableColumnConfigs: TableColumnConfig<Watermark>[] = [
         { label: _('watermarks-listing.table-col-names.name'), sortByKey: 'searchKey', width: '2fr' },
         { label: _('watermarks-listing.table-col-names.status'), sortByKey: 'enabled', class: 'flex-center' },
@@ -36,8 +38,8 @@ export class WatermarksListingScreenComponent extends ListingComponent<Watermark
         { label: _('watermarks-listing.table-col-names.created-on'), sortByKey: 'dateAdded' },
         { label: _('watermarks-listing.table-col-names.modified-on'), sortByKey: 'dateModified' },
     ];
-    readonly tableHeaderLabel: string = _('watermarks-listing.table-header.title');
-    readonly #dossierTemplateId: string = getParam(DOSSIER_TEMPLATE_ID);
+    readonly tableHeaderLabel = _('watermarks-listing.table-header.title');
+    readonly #dossierTemplateId = getParam(DOSSIER_TEMPLATE_ID);
 
     constructor(
         private readonly _loadingService: LoadingService,
@@ -45,7 +47,7 @@ export class WatermarksListingScreenComponent extends ListingComponent<Watermark
         private readonly _watermarksMapService: WatermarksMapService,
         private readonly _dialogService: AdminDialogService,
         private readonly _toaster: Toaster,
-        readonly permissionsService: PermissionsService,
+        readonly permissionsService: IqserPermissionsService,
     ) {
         super();
         this.entitiesService.setEntities(this._watermarksMapService.get(this.#dossierTemplateId));
diff --git a/apps/red-ui/src/app/services/permissions.service.ts b/apps/red-ui/src/app/services/permissions.service.ts
index 103d8a0c1..3fd99d862 100644
--- a/apps/red-ui/src/app/services/permissions.service.ts
+++ b/apps/red-ui/src/app/services/permissions.service.ts
@@ -5,6 +5,7 @@ import { FilesMapService } from '@services/files/files-map.service';
 import { FeaturesService } from '@services/features.service';
 import { IqserPermissionsService } from '@iqser/common-ui';
 import { ROLES } from '@users/roles';
+import { UserPreferenceService } from '@users/user-preference.service';
 
 @Injectable({ providedIn: 'root' })
 export class PermissionsService {
@@ -12,6 +13,7 @@ export class PermissionsService {
         private readonly _userService: UserService,
         private readonly _filesMapService: FilesMapService,
         private readonly _featuresService: FeaturesService,
+        private readonly _userPreferenceService: UserPreferenceService,
         private readonly _iqserPermissionsService: IqserPermissionsService,
     ) {}
 
@@ -19,6 +21,20 @@ export class PermissionsService {
         return this._userService.currentUser.id;
     }
 
+    canAddEditJustifications() {
+        return (
+            this._userPreferenceService.areDevFeaturesEnabled && this.isAdmin() && this._iqserPermissionsService.has(ROLES.legalBasis.write)
+        );
+    }
+
+    canEditGlobalFileAttributes() {
+        return this._iqserPermissionsService.has(ROLES.fileAttributes.write) && this.isAdmin();
+    }
+
+    canEditGlobalDossierAttributes() {
+        return this._iqserPermissionsService.has(ROLES.dossierAttributes.writeConfig) && this.isAdmin();
+    }
+
     canDownloadEntityDictionary(): boolean {
         return this.isAdmin() || this.isManager();
     }
@@ -276,11 +292,11 @@ export class PermissionsService {
     }
 
     canEditDossierDictionary(dossier: Dossier): boolean {
-        return dossier.isActive && this.isOwner(dossier);
+        return dossier.isActive && this.isOwner(dossier) && this._iqserPermissionsService.has(ROLES.dossiers.dictionaryEntries.write);
     }
 
     canEditDossierAttributes(dossier: Dossier): boolean {
-        return dossier.isActive && this.isOwner(dossier);
+        return dossier.isActive && this.isOwner(dossier) && this._iqserPermissionsService.has(ROLES.dossierAttributes.write);
     }
 
     canEditTeamMembers(): boolean {
diff --git a/apps/red-ui/src/app/users/roles.ts b/apps/red-ui/src/app/users/roles.ts
index 26bb7c4bc..a512227d8 100644
--- a/apps/red-ui/src/app/users/roles.ts
+++ b/apps/red-ui/src/app/users/roles.ts
@@ -37,6 +37,7 @@ export const ROLES = {
         write: 'red-write-smtp-configuration',
     },
     license: {
+        edit: 'red-update-license',
         read: 'red-read-license',
         readReport: 'red-read-license-report',
     },