diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f6286a4..2842746 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,4 +1,13 @@ class ApplicationController < ActionController::Base include Authentication include Pundit + + rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized + + private + + def user_not_authorized + flash[:alert] = "You are not authorized to perform this action." + redirect_to(request.referrer || root_path) + end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ef192f8..5d1f335 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -3,12 +3,14 @@ class UsersController < ApplicationController # GET /users or /users.json def index - @users = policy_scope(User) - # @users = User.all + authorize User + # @users = policy_scope(User) + @users = User.all end # GET /users/1 or /users/1.json def show + authorize @user end # GET /users/new @@ -18,12 +20,15 @@ class UsersController < ApplicationController # GET /users/1/edit def edit + authorize @user end # POST /users or /users.json def create @user = User.new(user_params) + authorize @user + respond_to do |format| if @user.save format.html { redirect_to user_url(@user), notice: "User was successfully created." } @@ -37,6 +42,8 @@ class UsersController < ApplicationController # PATCH/PUT /users/1 or /users/1.json def update + authorize @user + respond_to do |format| if @user.update(user_params) if @user.unconfirmed? && params.fetch(:user, {}).fetch(:confirm, "0") == "1" @@ -55,6 +62,8 @@ class UsersController < ApplicationController def destroy @user.destroy + authorize @user + respond_to do |format| format.html { redirect_to users_url, notice: "User was successfully destroyed." } format.json { head :no_content } 
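Review bot: `redirect_to(request.referrer || root_path)` in `user_not_authorized` follows a client-supplied `Referer` header, which is an open redirect unless this app runs with `config.action_controller.raise_on_open_redirects` enabled (the default only for apps generated on Rails 7; not visible in this diff). Prefer the built-in helper with the host restriction stated explicitly: `redirect_back_or_to(root_path, allow_other_host: false)` on Rails ≥ 7.0, or `redirect_back(fallback_location: root_path, allow_other_host: false)` on older versions. The handler also answers every format with a flash-and-redirect, while UsersController explicitly serves `.json`; a non-HTML caller should get a plain 403. Separately, nothing in this controller fails closed when an action forgets its `authorize` call — an `after_action :verify_authorized` (scoped with `only:`/`except:` to the controllers that actually use Pundit, since other controllers may not) turns a missing call into an error instead of an open endpoint.
```ruby
def user_not_authorized
  # Non-HTML callers (the controllers serve .json) get a bare 403, not a redirect with a flash.
  return head(:forbidden) unless request.format.html?

  flash[:alert] = "You are not authorized to perform this action."
  # Referer is attacker-controlled; never follow it to another host.
  redirect_back_or_to(root_path, allow_other_host: false)
end
```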
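Review bot: The index hunk replaces `policy_scope(User)` with `User.all` behind `authorize User`, so the listing is safe only because `UserPolicy#index?` in this same diff is admin-only; the moment `index?` is relaxed, every user row is exposed with no row-level filter. Keep the scope as the query even now — `authorize User` followed by `@users = policy_scope(User)` — so filtering stays in `UserPolicy::Scope` (the `end end end` context at the top of the user_policy hunk suggests such a class already exists; confirm). The commented-out `# @users = policy_scope(User)` line can then be dropped rather than left as dead code.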
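Review bot: In `destroy`, `authorize @user` is placed after `@user.destroy`, so an unauthorized caller deletes the record first and only then receives the NotAuthorizedError redirect — the check is a no-op for the one thing it is meant to protect. Move the guard to the first line of the action: `authorize @user` then `@user.destroy`. Every other action in this diff puts the call before the mutation, so this is the lone outlier and easy to miss in review.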
diff --git a/app/policies/check_policy.rb b/app/policies/check_policy.rb new file mode 100644 index 0000000..b17aa21 --- /dev/null +++ b/app/policies/check_policy.rb @@ -0,0 +1,29 @@ +class CheckPolicy < ApplicationPolicy + def index? + true + end + + def show? + true + end + + def create? + false + end + + def new? + create? + end + + def update? + user.admin? + end + + def edit? + update? + end + + def destroy? + user.admin? + end +end \ No newline at end of file diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 556dd1a..0104d46 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -8,4 +8,32 @@ class UserPolicy < ApplicationPolicy end end end + + def index? + user.admin? + end + + def show? + user.admin? + end + + def create? + user.admin? + end + + def new? + create? + end + + def update? + user.admin? + end + + def edit? + update? + end + + def destroy? + user.admin? + end end \ No newline at end of file diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 85666b3..f2cc565 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -77,7 +77,9 @@
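Review bot: Every predicate in UserPolicy, and `update?`/`destroy?` in the new CheckPolicy, calls `user.admin?` with no nil guard, while the layout change in this same commit explicitly handles `current_user` being nil — if an anonymous request ever reaches a `policy(...)` or `authorize` call, that is a NoMethodError 500 rather than a clean denial. Either deny centrally by raising `Pundit::NotAuthorizedError` from `ApplicationPolicy#initialize` when `user` is nil (ApplicationPolicy is not in this diff; confirm it does not already), or write the predicates as `user&.admin?` so a missing user is simply falsy. `CheckPolicy#index?` and `show?` returning an unconditional `true` also means checks are readable by anyone who reaches ChecksController, which is acceptable only if the Authentication concern already forces login there — worth a one-line comment stating that assumption in the policy.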
Controller: <%= controller_name %> - User: <%= current_user.email %> + <% if current_user %> +
User: <%= current_user.email %> + <% end %>
diff --git a/app/views/shared/_main_menu.html.erb b/app/views/shared/_main_menu.html.erb index 4a5e090..170e9fc 100644 --- a/app/views/shared/_main_menu.html.erb +++ b/app/views/shared/_main_menu.html.erb @@ -1,11 +1,19 @@ -<% if controller_name == "checks" %> - <%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %> +<% if policy(Check).index? %> + <% if controller_name == "checks" %> + <%= link_to "Checks", checks_path, class: common_classes + " " + active_classes %> + <% else %> + <%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %> + <% end %> <% else %> - <%= link_to "Checks", checks_path, class: common_classes + " " + inactive_classes %> + <%= content_tag :span, "Checks", class: common_classes + " " + inactive_classes %> <% end %> -<% if controller_name == "users" %> - <%= link_to "Users", users_path, class: common_classes + " " + active_classes %> +<% if policy(User).index? %> + <% if controller_name == "users" %> + <%= link_to "Users", users_path, class: common_classes + " " + active_classes %> + <% else %> + <%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %> + <% end %> <% else %> - <%= link_to "Users", users_path, class: common_classes + " " + inactive_classes %> + <%= content_tag :span, "Users", class: common_classes + " " + inactive_classes %> <% end %> \ No newline at end of file
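Review bot: Each menu entry is now spelled out three times (active link, inactive link, disabled span) because the active/inactive decision is nested inside the policy branch; compute the class string once and keep a single `link_to` per entry, e.g. `<% users_classes = common_classes + " " + (controller_name == "users" ? active_classes : inactive_classes) %>` followed by `<%= policy(User).index? ? link_to("Users", users_path, class: users_classes) : content_tag(:span, "Users", class: users_classes) %>`, and the same for Checks. This partial is also where a nil `current_user` would first reach `user.admin?` via `policy(User).index?` (UserPolicy in this diff has no nil guard), so if the menu renders on any page before login it will 500 rather than hide the entry — confirm against the Authentication concern. Hiding the entry is a UX nicety, not a control; the `authorize` calls in the controllers remain the enforcement point.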