diff --git a/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
index dd6fcd8e68a12fda18237f37f6d36f29c29ffb21..e3364875f1e22624ad44d6dab15fd153520d0767 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DatasetServiceImpl.java
@@ -97,7 +97,7 @@ public class DatasetServiceImpl implements DatasetService {
 	 */
 	@Override
 	@Transactional
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source.owner, 'write')")
 	public Dataset createDataset(final Dataset source) {
 		LOG.info("Create Dataset. Input data {}", source);
 		final DatasetVersions datasetVersions = new DatasetVersions();
@@ -229,7 +229,7 @@ public class DatasetServiceImpl implements DatasetService {
 	 * {@inheritDoc}
 	 */
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 	public Dataset loadDataset(final Dataset input) {
 		LOG.debug("Load Dataset. Input data {}", input);
 		final Dataset dataset = datasetRepository.findOne(input.getId());
@@ -278,7 +278,7 @@ public class DatasetServiceImpl implements DatasetService {
 	 * {@inheritDoc}
 	 */
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 	public Dataset loadDataset(final UUID uuid) {
 		final Dataset dataset = datasetRepository.findByUuid(uuid);
 		return lazyLoad(dataset);
@@ -288,7 +288,7 @@ public class DatasetServiceImpl implements DatasetService {
 	 * {@inheritDoc}
 	 */
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 	public Dataset loadDataset(final UUID uuid, final int version) {
 		final Dataset dataset = datasetRepository.findByUuidAndVersion(uuid, version);
 		return lazyLoad(dataset);
@@ -345,7 +345,7 @@ public class DatasetServiceImpl implements DatasetService {
 	 * {@inheritDoc}
 	 */
 	@Override
-	@PreAuthorize("#dataset.published || hasPermission(#dataset, 'read')")
+	@PreAuthorize("#dataset.published || hasRole('ADMINISTRATOR') || hasPermission(#dataset, 'read')")
 	public List<RepositoryFile> listDatasetFiles(final Dataset dataset) throws NotFoundElement {
 		return dataset.getRepositoryFiles();
 	}
diff --git a/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
index 2bf6df4cd7a45c3e3e0b6019a6d1dcd683d3b2c6..c56416332d84bd0a46971390e0efb93100d838d0 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DescriptorListServiceImpl.java
@@ -85,7 +85,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 	 */
 	@Transactional
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
 	public DescriptorList createDescriptorList(final DescriptorList input) {
 		LOG.info("Create descriptor list {}", input);
 
@@ -233,19 +233,19 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 	}
 
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 	public DescriptorList getDescriptorList(final Long id) {
 		return lazyLoad(descriptorListRepository.findOne(id));
 	}
 
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 	public DescriptorList getDescriptorList(final UUID uuid) {
 		return lazyLoad(descriptorListRepository.findByUuid(uuid));
 	}
 
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 	public DescriptorList getDescriptorList(final UUID uuid, final int version) {
 		return lazyLoad(descriptorListRepository.findByUuidAndVersion(uuid, version));
 	}
@@ -278,7 +278,7 @@ public class DescriptorListServiceImpl implements DescriptorListService {
 	}
 
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 	public DescriptorList loadDescriptorList(final DescriptorList input) {
 		return loadDescriptorList(input.getUuid(), input.getVersion());
 	}
diff --git a/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java b/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
index fce4bf5c2e8ff81bbde95b95c3245ec3625fac9b..0fba67958a971768e1180faff25bedc6a8d9e9b2 100644
--- a/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
+++ b/src/main/java/org/genesys/catalog/service/impl/DescriptorServiceImpl.java
@@ -88,7 +88,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 	 */
 	@Transactional
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input.owner, 'write')")
 	public Descriptor createDescriptor(final Descriptor input) {
 		LOG.info("Creating descriptor: {} - {}", input.getTitle(), input.getDataType());
 
@@ -177,7 +177,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 	 * {@inheritDoc}
 	 */
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'write')")
 	public Descriptor getDescriptor(final UUID uuid) {
 		return lazyLoad(descriptorRepository.findByUuid(uuid));
 	}
@@ -189,7 +189,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 	 * int)
 	 */
 	@Override
-	@PostAuthorize("returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
+	@PostAuthorize("hasRole('ADMINISTRATOR') || returnObject==null || returnObject.published || hasPermission(returnObject, 'read')")
 	public Descriptor getDescriptor(final UUID uuid, final int version) {
 		return lazyLoad(descriptorRepository.findByUuidAndVersion(uuid, version));
 	}
@@ -352,8 +352,8 @@ public class DescriptorServiceImpl implements DescriptorService {
 	 * catalog.model.traits.Descriptor)
 	 */
 	@Override
-	@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
-	@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
+	@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
+	@PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
 	public List<DescriptorList> getDescriptorLists(final Descriptor descriptor) {
 		final List<DescriptorList> list = descriptorRepository.listDescriptorLists(descriptor);
 		list.forEach(d -> entityManager.detach(d));
@@ -368,7 +368,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 	 */
 	@Override
 	@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
-	@PostFilter("filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
+	@PostFilter("hasRole('ADMINISTRATOR') || filterObject==null || filterObject.published || hasPermission(filterObject, 'write')")
 	public List<Dataset> getDatasets(final Descriptor descriptor) {
 		final List<Dataset> list = descriptorRepository.listDatasets(descriptor);
 		list.forEach(d -> entityManager.detach(d));
@@ -377,7 +377,7 @@ public class DescriptorServiceImpl implements DescriptorService {
 
 	@Override
 	@Transactional
-	@PreAuthorize("#descriptor.published || hasPermission(#descriptor, 'read')")
+	@PreAuthorize("#descriptor.published || hasRole('ADMINISTRATOR') || hasPermission(#descriptor, 'read')")
 	public Descriptor nextVersion(final Descriptor descriptor, final boolean major) {
 		final Descriptor source = reloadDescriptor(descriptor);
 		LOG.info("Creating new version for descriptor uuid={} id={}", descriptor.getUuid(), descriptor.getId());