diff --git a/dashboard/src/middleware.ts b/dashboard/src/middleware.ts
index 4ef97c3..27c3d02 100644
--- a/dashboard/src/middleware.ts
+++ b/dashboard/src/middleware.ts
@@ -1,13 +1,13 @@
-import { NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 import { cookies } from 'next/headers';
-import { getFrontendApi } from '@/ory/sdk/server';
+import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
 
-export async function middleware() {
+export async function middleware(request: NextRequest) {
 
-    const api = await getFrontendApi();
+    const frontendApi = await getFrontendApi();
     const cookie = await cookies();
 
-    const session = await api
+    const session = await frontendApi
         .toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
         .then((response) => response.data)
         .catch(() => null);
@@ -25,7 +25,34 @@ export async function middleware() {
         return NextResponse.redirect(url);
     }
 
-    return NextResponse.next();
+    if (request.nextUrl.pathname === '/unauthorised') {
+        return NextResponse.next();
+    }
+
+    const permissionApi = await getPermissionApi();
+    const isAdmin = await permissionApi.checkPermission({
+        namespace: 'roles',
+        object: 'admin',
+        relation: 'member',
+        subjectId: session!.identity!.id,
+    })
+        .then(({ data: { allowed } }) => {
+            console.log('is_admin', session!.identity!.id, allowed);
+            return allowed;
+        })
+        .catch((response) => {
+            console.log('is_admin', session!.identity!.id, response, 'check failed');
+            return false;
+        });
+
+    if (isAdmin) {
+        return NextResponse.next();
+    } else {
+        console.log('MISSING PERMISSION');
+        const url = `${process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL}/unauthorised`;
+        console.log('REDIRECT TO', url);
+        return NextResponse.redirect(url!);
+    }
 }
 
 export const config = {