diff --git a/authserver/authserver/api/views.py b/authserver/authserver/api/views.py
index bd12773..faa5f3f 100644
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@@ -3,13 +3,22 @@ from rest_framework import viewsets, permissions
 
 from . import models, serializers
 
+class IsLockoutAdmin(permissions.BasePermission):
+    def has_permission(self, request, view):
+        try:
+            return request.user.profile.lockout_admin
+        except AttributeError:
+            return False
+
 class CategoryViewSet(viewsets.ModelViewSet):
     queryset = models.Category.objects.all().order_by('id')
     serializer_class = serializers.CategorySerializer
+    permission_classes = (IsLockoutAdmin,)
 
 class ToolViewSet(viewsets.ModelViewSet):
     queryset = models.Tool.objects.all().order_by('id')
     serializer_class = serializers.ToolSerializer
+    permission_classes = (IsLockoutAdmin,)
 
 class ToolDataViewSet(viewsets.ReadOnlyModelViewSet):
     queryset = models.Category.objects.all().order_by('id')