diff --git a/areas/auth/auth.py b/areas/auth/auth.py
index 8a137d022deac78bdc8100131dd7d5567ac3f167..a119ffa46b19de3c7cdb889a279e8ed81d6098ae 100644
--- a/areas/auth/auth.py
+++ b/areas/auth/auth.py
@@ -37,7 +37,7 @@ def hydra_callback():
             identity = i
 
     access_token = create_access_token(
-        identity=token, expires_delta=timedelta(days=365)
+        identity=token, expires_delta=timedelta(days=365), additional_claims={"user_id": identity["id"]}
     )
 
     apps = App.query.all()
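Review bot: `identity["id"]` is now dereferenced unconditionally while building the token, but `identity` is only assigned inside a branch above (`identity = i`), and the loop and its initial value lie outside this hunk. If no entry matches, the callback presumably fails on the subscript, or embeds a stale id, rather than returning a clean authentication error. A guard before `create_access_token(`, such as `if identity is None:` followed by an explicit error response, would make the failure mode deliberate. Because `user_id` now drives authorization and the token lives for 365 days, it is also worth confirming that `identity` here is the authenticated subject and not a value the caller can influence.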
diff --git a/areas/roles/role_service.py b/areas/roles/role_service.py
index 7d70f9950b9dc4b76f91f88a7e5ed8cf910a22f7..a117985f627788409c30e1f9c3368afc90a2532b 100644
--- a/areas/roles/role_service.py
+++ b/areas/roles/role_service.py
@@ -1,3 +1,4 @@
+from areas.apps.models import AppRole
 from .models import Role
 
 
@@ -10,3 +11,7 @@ class RoleService:
     @staticmethod
     def get_role_by_id(role_id):
         return Role.query.filter_by(id=role_id).first()
+
+    def is_user_admin(userId):
+        dashboard_role_id = AppRole.query.filter_by(user_id=userId, app_id=1).first().role_id
+        return dashboard_role_id == 1
\ No newline at end of file
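Review bot: `is_user_admin` dereferences `.first().role_id` without checking for `None`, so a user with no `AppRole` row for `app_id=1` raises `AttributeError` and the guarded route returns a 500 instead of a 403. Split the lookup as `dashboard_role = AppRole.query.filter_by(user_id=userId, app_id=1).first()` and `return dashboard_role is not None and dashboard_role.role_id == 1`. The method also lacks the `@staticmethod` decorator that `get_role_by_id` carries; it works when called on the class, as helpers/auth_guard.py does, but would misbind `userId` if called on an instance. The literals `1` for the dashboard app and the admin role deserve named constants, since authorization now depends on those row ids being stable across deployments.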
diff --git a/areas/users/users.py b/areas/users/users.py
index d472ed65568b8504176f3d8a9da939a3c88a7498..a41345583ebdb10474b5d150e77f4023705b8b3f 100644
--- a/areas/users/users.py
+++ b/areas/users/users.py
@@ -5,6 +5,7 @@ from flask_expects_json import expects_json
 
 from areas import api_v1
 from helpers import KratosApi
+from helpers.auth_guard import admin_required
 
 from .validation import schema
 from .user_service import UserService
@@ -13,6 +14,7 @@ from .user_service import UserService
 @api_v1.route("/users", methods=["GET"])
 @jwt_required()
 @cross_origin()
+@admin_required()
 def get_users():
     res = UserService.get_users()
     return jsonify(res)
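Review bot: `@admin_required()` already calls `verify_jwt_in_request()` itself, so stacking it under `@jwt_required()` verifies the token twice on every request to `get_users`; the same applies to `delete_user` below. Either drop `@jwt_required()` on routes that carry the admin guard, or remove the verify call from the guard and document that it must sit beneath `@jwt_required()`. Keeping `@cross_origin()` above the guard is the right order, since the 403 response then still gets CORS headers.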
@@ -49,6 +51,7 @@ def put_user(id):
 @api_v1.route("/users/<string:id>", methods=["DELETE"])
 @jwt_required()
 @cross_origin()
+@admin_required()
 def delete_user(id):
     res = KratosApi.delete("/identities/{}".format(id))
     if res.status_code == 204:
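Review bot: The admin guard is added to `GET /users` and `DELETE /users/<id>`, but the hunk header shows `put_user(id)` sitting between them and this diff does not touch it. If that route stays protected only by `@jwt_required()`, any authenticated user could presumably modify another user's identity; the same question applies to any create or single-user read routes not shown here. Confirm that each of them either carries `@admin_required()` or compares `id` against the caller's `user_id` claim. The body of `delete_user` continues outside the hunk.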
diff --git a/helpers/auth_guard.py b/helpers/auth_guard.py
new file mode 100644
index 0000000000000000000000000000000000000000..d40cd3d14ed94a3fe0eb93c89aaf1a7213ddc5df
--- /dev/null
+++ b/helpers/auth_guard.py
@@ -0,0 +1,24 @@
+from functools import wraps
+
+from flask import jsonify
+from areas.roles.role_service import RoleService
+
+from flask_jwt_extended import verify_jwt_in_request
+from flask_jwt_extended import get_jwt
+
+def admin_required():
+    def wrapper(fn):
+        @wraps(fn)
+        def decorator(*args, **kwargs):
+            verify_jwt_in_request()
+            claims = get_jwt()
+            userId = claims["user_id"]
+            isAdmin = RoleService.is_user_admin(userId)
+            if isAdmin:
+                return fn(*args, **kwargs)
+            else:
+                return jsonify(msg="Admins only!"), 403
+
+        return decorator
+
+    return wrapper
\ No newline at end of file
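Review bot: `claims["user_id"]` raises `KeyError` for any token that lacks the claim, and tokens issued before this commit have no `user_id` yet remain valid for up to 365 days (the `expires_delta` in areas/auth/auth.py). Those sessions would get a 500 on every guarded route instead of a clean denial. Read the claim defensively and deny by default: `userId = claims.get("user_id")` then `if userId is None or not RoleService.is_user_admin(userId): return jsonify(msg="Admins only!"), 403`, with `return fn(*args, **kwargs)` as the fall-through. Looking the role up in the database on each request rather than trusting a role claim is a good choice here, since it lets role revocation take effect despite the long token lifetime; a short docstring on `admin_required` saying so would help. `userId` and `isAdmin` would conventionally be `user_id` and `is_admin`.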