diff --git a/EnvelopeGenerator.API/Controllers/DocumentController.cs b/EnvelopeGenerator.API/Controllers/DocumentController.cs
index 45165517..5ad42022 100644
--- a/EnvelopeGenerator.API/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs
@@ -1,3 +1,4 @@
+using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Extensions;
 using EnvelopeGenerator.Application.Documents.Queries;
 using EnvelopeGenerator.Domain.Constants;
@@ -16,8 +17,13 @@ namespace EnvelopeGenerator.API.Controllers;
 [Authorize]
 [ApiController]
 [Route("api/[controller]")]
-public class DocumentController(IMediator mediator, ILogger logger) : ControllerBase
+public class DocumentController(IMediator mediator, IAuthorizationService authService) : ControllerBase, IAuthController
 {
+ ///
+ ///
+ ///
+ public IAuthorizationService AuthService => authService;
+
 ///
 /// Returns the document bytes receiver.
 ///
@@ -28,7 +34,7 @@ public class DocumentController(IMediator mediator, ILogger
 public async Task GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
 {
 // Sender: expects query with envelope key
- if (User.IsInRole(Role.Sender))
+ if (await this.IsUserInPolicyAsync(AuthPolicy.Sender))
 {
 if (query is null)
 return BadRequest("Missing document query.");
@@ -40,7 +46,7 @@ public class DocumentController(IMediator mediator, ILogger
 }
 
 // Receiver: resolve envelope id from claims
- if (User.IsInRole(Role.Receiver.Full))
+ if (await this.IsUserInPolicyAsync(AuthPolicy.Receiver))
 {
 if (query is not null)
 return BadRequest("Query parameters are not allowed for receiver role.");
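Review bot: The doc comment added above `AuthService` appears to be an empty summary in this view, so the only new public member of the controller is undocumented. A line such as `/// Authorization service required by IAuthController; used to evaluate the Sender and Receiver policies for the current user.` would say why it is exposed. If the property is only needed through the interface, an explicit implementation, `IAuthorizationService IAuthController.AuthService => authService;`, would keep it off the controller's public surface, assuming `IsUserInPolicyAsync` is an extension on `IAuthController`. The constructor also drops the `ILogger` parameter, and the class body continues outside the hunk, so any remaining use of `logger` cannot be checked from here.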
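Review bot: The sender check in `GetDocument` now rests on `IsUserInPolicyAsync` and on how `AuthPolicy.Sender` is registered, neither of which is visible in this diff, so the condition guarding document access can no longer be read from the controller. A comment on the branch would help, for example `// Sender access is decided by the AuthPolicy.Sender policy (evaluated via AuthService), not by a role name.` It is also worth confirming that the helper fails closed, returning false when the policy is not satisfied or the principal is not fully authenticated. The class-level `[Authorize]` names no policy, so these in-body checks appear to be the only gate. The method body continues outside the hunk.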
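Review bot: The receiver branch previously required `Role.Receiver.Full` and now accepts any principal that satisfies `AuthPolicy.Receiver`; if that policy also admits receiver roles other than the full one, this change widens who can fetch the document bytes. The policy definition is outside this diff, so this cannot be verified here. A test that `GetDocument` rejects a principal holding only a non-full receiver role would pin it down. If the broader policy is intended, a comment such as `// AuthPolicy.Receiver intentionally covers <roles>; the envelope id still comes from claims only.` would record the decision. The branch body continues outside the hunk.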