diff --git a/EnvelopeGenerator.Web/Controllers/DocumentController.cs b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
index 09b10345..4283997e 100644
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@@ -3,12 +3,12 @@ using EnvelopeGenerator.Common;
 using EnvelopeGenerator.Web.Services;
 using EnvelopeGenerator.Application.Contracts;
 using Microsoft.AspNetCore.Authorization;
-using EnvelopeGenerator.Application;
 using EnvelopeGenerator.Extensions;
+using static EnvelopeGenerator.Common.Constants;

 namespace EnvelopeGenerator.Web.Controllers
 {
- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [Route("api/[controller]")]
 public class DocumentController : BaseController
 {
@@ -48,7 +48,7 @@ namespace EnvelopeGenerator.Web.Controllers
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpPost("{envelopeKey}")]
 public async Task Open(string envelopeKey)
 {
diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
index 9af9e4eb..671ec61b 100644
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -10,7 +10,7 @@ using EnvelopeGenerator.Extensions;

 namespace EnvelopeGenerator.Web.Controllers
 {
- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class EnvelopeController : BaseController
@@ -64,7 +64,7 @@ namespace EnvelopeGenerator.Web.Controllers
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpPost("{envelopeKey}")]
 public async Task Update(string envelopeKey, int index)
 {
@@ -110,7 +110,7 @@ namespace EnvelopeGenerator.Web.Controllers
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpPost("reject")]
 public async Task Reject([FromBody] string? reason = null)
 {
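Review bot: The role requirement on `DocumentController` is now stated twice, once on the class and again on `Open`, and the same duplication appears in `EnvelopeController` on the class, `Update` and `Reject`. ASP.NET Core already applies a class-level `[Authorize]` to every action, so the per-action copies add no protection and only create more places to miss when the rule changes. Either drop the action-level attributes in these two controllers, or register one named policy and reference it everywhere, e.g. `[Authorize(Policy = "FullyAuthReceiver")]` (policy name is a placeholder). Both class bodies continue outside the hunks, so actions not shown here were not checked.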
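Review bot: `Open(string envelopeKey)` is gated only by the role, and judging by the HomeController hunk every signed-in receiver gets the same constant `ReceiverRole.FullyAuth`, so the attribute says nothing about which envelope the caller may act on. The method body is outside the hunk; if it does not already do so, it should compare the envelope resolved from the route's `envelopeKey` with the one in the caller's `EnvelopeClaimTypes.Id` claim and return `Forbid()` on a mismatch. The same check is worth confirming for `Update(string envelopeKey, int index)` in EnvelopeController and for `CreateAsync([FromBody] …)` in ReadOnlyController, where the identifier arrives in the request body.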
diff --git a/EnvelopeGenerator.Web/Controllers/HomeController.cs b/EnvelopeGenerator.Web/Controllers/HomeController.cs
index 0fa08d77..6535edce 100644
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@@ -19,7 +19,6 @@ using Ganss.Xss;
 using Newtonsoft.Json;
 using EnvelopeGenerator.Application.DTOs;
 using DigitalData.Core.Client;
-using EnvelopeGenerator.Application.Extensions;

 namespace EnvelopeGenerator.Web.Controllers;

@@ -321,7 +320,8 @@ public class HomeController : ViewControllerBase
 new(ClaimTypes.Name, er.Name ?? string.Empty),
 new(ClaimTypes.Email, er.Receiver.EmailAddress),
 new(EnvelopeClaimTypes.Title, er.Envelope.Title),
- new(EnvelopeClaimTypes.Id, er.Envelope.Id.ToString())
+ new(EnvelopeClaimTypes.Id, er.Envelope.Id.ToString()),
+ new(ClaimTypes.Role, ReceiverRole.FullyAuth)
 };

 var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
@@ -348,7 +348,7 @@ public class HomeController : ViewControllerBase
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpGet("EnvelopeKey/{envelopeReceiverId}/Success")]
 public async Task EnvelopeSigned(string envelopeReceiverId)
 {
@@ -383,7 +383,7 @@ public class HomeController : ViewControllerBase
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpGet("EnvelopeKey/{envelopeReceiverId}/Rejected")]
 public async Task EnvelopeRejected(string envelopeReceiverId)
 {
@@ -489,7 +489,7 @@ public class HomeController : ViewControllerBase
 }
 }

- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpGet("IsAuthenticated")]
 public IActionResult IsAuthenticated()
 {
diff --git a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
index 6b910d71..c541b0d1 100644
--- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
+++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
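Review bot: The `ClaimTypes.Role` entry in the HomeController claims list (hunk at -321) is added unconditionally, so any code path that reaches this sign-in issues a cookie that passes every `[Authorize(Roles = ReceiverRole.FullyAuth)]` check. The enclosing method starts outside the hunk, so please confirm that nothing reaches it before all of the receiver's verification steps have succeeded. Cookies issued before this commit carry no role claim, so those sessions will be forbidden rather than challenged on the guarded actions. With the cookie scheme that means a redirect to the access-denied path, which should send the receiver back to the login instead of a dead end. A comment on the new line such as `// granted only after all receiver checks passed; required by the FullyAuth-guarded actions` would document the coupling.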
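Review bot: `IsAuthenticated` (hunk at -489) now answers "holds the FullyAuth role" rather than "has a session", because a caller with a valid cookie but without the role gets the forbidden result instead of the challenge. The callers are not visible here; if client code tells those two outcomes apart, it needs to handle both. A summary comment on the action such as `/// Succeeds only for receivers holding ReceiverRole.FullyAuth.` would make the changed contract explicit. The action body continues outside the hunk.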
@@ -4,6 +4,7 @@ using EnvelopeGenerator.Application.DTOs.EnvelopeReceiverReadOnly;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Newtonsoft.Json;
+using static EnvelopeGenerator.Common.Constants;

 namespace EnvelopeGenerator.Web.Controllers
 {
@@ -28,7 +29,7 @@ namespace EnvelopeGenerator.Web.Controllers
 }

 [HttpPost]
- [Authorize]
+ [Authorize(Roles = ReceiverRole.FullyAuth)]
 public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
 {
 try