diff --git a/src/Controller/AttachmentTypeController.php b/src/Controller/AttachmentTypeController.php
index f8952259..b3c4ae31 100644
--- a/src/Controller/AttachmentTypeController.php
+++ b/src/Controller/AttachmentTypeController.php
@@ -64,6 +64,8 @@ class AttachmentTypeController extends AbstractController
 public function edit(AttachmentType $entity, Request $request, EntityManagerInterface $em)
 {
+ $this->denyAccessUnlessGranted('read', $entity);
+
 $form = $this->createForm(BaseEntityAdminForm::class, $entity);
 $form->handleRequest($request);
@@ -88,7 +90,7 @@ class AttachmentTypeController extends AbstractController
 {
 $new_entity = new AttachmentType();
- $this->denyAccessUnlessGranted('create', $new_entity);
+ $this->denyAccessUnlessGranted('read', $new_entity);
 //Basic edit form
 $form = $this->createForm(BaseEntityAdminForm::class, $new_entity);
@@ -135,6 +137,8 @@ class AttachmentTypeController extends AbstractController
 */
 public function delete(Request $request, AttachmentType $entity)
 {
+ $this->denyAccessUnlessGranted('delete', $entity);
+
 if ($this->isCsrfTokenValid('delete'.$entity->getId(), $request->request->get('_token'))) {
 $entityManager = $this->getDoctrine()->getManager();
@@ -164,6 +168,8 @@ class AttachmentTypeController extends AbstractController
 */
 public function exportAll(EntityManagerInterface $em, EntityExporter $exporter, Request $request)
 {
+ $this->denyAccessUnlessGranted('read', $entity);
+
 $entities = $em->getRepository(AttachmentType::class)->findAll();
 return $exporter->exportEntityFromRequest($entities,$request);
@@ -176,6 +182,8 @@ class AttachmentTypeController extends AbstractController
 */
 public function exportEntity(AttachmentType $entity, EntityExporter $exporter, Request $request)
 {
+ $this->denyAccessUnlessGranted('read', $entity);
+
 return $exporter->exportEntityFromRequest($entity, $request);
 }
diff --git a/src/Form/BaseEntityAdminForm.php b/src/Form/BaseEntityAdminForm.php
index 36f07293..84716040 100644
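Review bot: edit() is now gated on 'read' only, so the sole guard between a read-only user and a persisted change is the per-field `disabled` flag that BaseEntityAdminForm derives from 'edit'; the submit branch of edit() lies outside this hunk, so it is not visible whether anything re-checks the stronger permission before flushing. Symfony ignores submitted values for disabled fields, which limits the exposure, but a second check in the submit path keeps the controller correct even if a field is later added without the flag: `if ($form->isSubmitted() && $form->isValid()) { $this->denyAccessUnlessGranted('edit', $entity); … }`. The same applies to new() in the `@@ -88,7 +90,7 @@` hunk, where 'create' was replaced by 'read' and the corresponding guard would be `$this->denyAccessUnlessGranted('create', $new_entity);` inside the submit branch.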
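Review bot: exportAll() takes `$em`, `$exporter` and `$request` but no `$entity`, so the added `$this->denyAccessUnlessGranted('read', $entity);` in the `@@ -164,6 +168,8 @@` hunk references an undefined variable and hands null to the voter as subject — depending on the voter this either denies every export or raises an undefined-variable notice, and in neither case checks what was intended. new() in the same file uses a fresh instance as the subject, so the consistent fix is `$this->denyAccessUnlessGranted('read', new AttachmentType());`, or alternatively check each item of `$entities` after the findAll() call if the voter decides per instance.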
--- a/src/Form/BaseEntityAdminForm.php
+++ b/src/Form/BaseEntityAdminForm.php
@@ -62,19 +62,21 @@ class BaseEntityAdminForm extends AbstractType
 $builder
 ->add('name', TextType::class, ['empty_data' => '', 'label' => 'name.label', 'attr' => ['placeholder' => 'part.name.placeholder'],
- 'disabled' => !$this->security->isGranted('edit', $entity), ])
+ 'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity), ])
 ->add('parent', EntityType::class, ['class' => get_class($entity), 'choice_label' => 'full_path', 'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false, 'label' => 'parent.label',
- 'disabled' => !$this->security->isGranted('move', $entity), ])
+ 'disabled' => !$this->security->isGranted($is_new ? 'create' : 'move', $entity), ])
 ->add('comment', CKEditorType::class, ['required' => false, 'label' => 'comment.label', 'attr' => ['rows' => 4], 'help' => 'bbcode.hint',
- 'disabled' => !$this->security->isGranted('edit', $entity)])
+ 'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)])
 //Buttons
 ->add('save', SubmitType::class, ['label' => $is_new ? 'entity.create' : 'entity.edit.save',
- 'attr' => ['class' => $is_new ? 'btn-success' : '']])
- ->add('reset', ResetType::class, ['label' => 'entity.edit.reset']);
+ 'attr' => ['class' => $is_new ? 'btn-success' : ''],
+ 'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)])
+ ->add('reset', ResetType::class, ['label' => 'entity.edit.reset',
+ 'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)]);
 }
 }
\ No newline at end of file
diff --git a/src/Form/ImportType.php b/src/Form/ImportType.php
index f5777bd9..6ed046e4 100644
--- a/src/Form/ImportType.php
+++ b/src/Form/ImportType.php
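Review bot: The expression `$this->security->isGranted($is_new ? 'create' : 'edit', $entity)` is repeated four times in this hunk (name, comment, save, reset), so the four fields can drift apart on the next edit and the voter is consulted four times per form build; evaluate it once above the `$builder` chain as `$editable = $this->security->isGranted($is_new ? 'create' : 'edit', $entity);` and use `'disabled' => !$editable` in each of the four options. Disabling the save and reset buttons is only a UI affordance — what actually blocks a crafted POST is the `disabled` flag on the data fields, whose submitted values Symfony discards — so controllers building this form should still check 'edit'/'create' themselves before flushing rather than rely on the button state. buildForm() and the definition of `$is_new` start above the hunk.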
@@ -40,30 +40,48 @@ use Symfony\Component\Form\Extension\Core\Type\FileType;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Security\Core\Security;
 class ImportType extends AbstractType
 {
+
+ protected $security;
+
+ public function __construct(Security $security)
+ {
+ $this->security = $security;
+ }
+
 public function buildForm(FormBuilderInterface $builder, array $options)
 {
 $data = $options['data'];
+ //Disable import if user is not allowed to create elements.
+ $entity = new $data['entity_class'];
+ $perm_name = "create";
+ $disabled = ! $this->security->isGranted($perm_name, $entity);
+
 $builder
 ->add('format', ChoiceType::class, ['choices' =>
- ['JSON' => 'json', 'XML' => 'xml','CSV'=>'csv' ,'YAML' => 'yaml'], 'label' => 'export.format'])
- ->add('csv_separator', TextType::class, ['data' => ';', 'label' => 'import.csv_separator'])
+ ['JSON' => 'json', 'XML' => 'xml','CSV'=>'csv' ,'YAML' => 'yaml'], 'label' => 'export.format',
+ 'disabled' => $disabled])
+ ->add('csv_separator', TextType::class, ['data' => ';', 'label' => 'import.csv_separator',
+ 'disabled' => $disabled])
 ->add('parent', EntityType::class, ['class' => $data['entity_class'], 'choice_label' => 'full_path',
- 'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false, 'label' => 'parent.label'])
+ 'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false,
+ 'label' => 'parent.label', 'disabled' => $disabled])
 ->add('file', FileType::class, ['label' => 'import.file',
- 'attr' => ['class' => 'file', 'data-show-preview' => 'false', 'data-show-upload' => 'false']])
+ 'attr' => ['class' => 'file', 'data-show-preview' => 'false', 'data-show-upload' => 'false'], 'disabled' => $disabled])
 ->add('preserve_children', CheckboxType::class, ['data' => true, 'required' => false,
- 'label' =>
'import.preserve_children', 'label_attr'=> ['class' => 'checkbox-custom']])
+ 'label' => 'import.preserve_children', 'label_attr'=> ['class' => 'checkbox-custom'], 'disabled' => $disabled])
 ->add('abort_on_validation_error', CheckboxType::class, ['data' => true, 'required' => false,
- 'label' => 'import.abort_on_validation', 'help'=> 'import.abort_on_validation.help', 'label_attr'=> ['class' => 'checkbox-custom']])
+ 'label' => 'import.abort_on_validation', 'help'=> 'import.abort_on_validation.help',
+ 'label_attr'=> ['class' => 'checkbox-custom'], 'disabled' => $disabled])
 //Buttons
- ->add('import', SubmitType::class, ['label' => 'import.btn']);
+ ->add('import', SubmitType::class, ['label' => 'import.btn', 'disabled' => $disabled]);
 }
 }
\ No newline at end of file
diff --git a/templates/AdminPages/_delete_form.html.twig b/templates/AdminPages/_delete_form.html.twig
index 651fd8db..5bac94cd 100644
--- a/templates/AdminPages/_delete_form.html.twig
+++ b/templates/AdminPages/_delete_form.html.twig
@@ -6,7 +6,7 @@
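Review bot: `$entity = new $data['entity_class'];` at the top of buildForm() instantiates whatever class name arrives in the form's `data` option and hands it to the voter as subject; the hunk gives no indication that the value comes from anywhere but the calling controller, but because it now drives an authorization decision as well as EntityType's `class` option, that invariant deserves a comment such as `// entity_class must be a fixed entity FQCN supplied by the controller, never request-derived` next to the assignment. The single-use temporary `$perm_name = "create";` adds nothing; `$disabled = !$this->security->isGranted('create', $entity);` is clearer. Disabling every field only makes Symfony discard their submitted values, so the controller that processes this form (outside the diff) should still call denyAccessUnlessGranted('create', …) itself rather than depend on the form's disabled state. The enclosing class closes at the end of this hunk, while the file's `use` block begins above it.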