diff --git a/Gemfile b/Gemfile
index 39dafaf..6afcc2c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -16,6 +16,7 @@ gem 'jquery-rails', '~> 4.4'
 gem 'lazy_high_charts', '~> 1.6'
 gem 'pg', '~> 1.1'
 gem 'puma', '~> 5.0'
+gem 'pundit', '~> 2.1'
 gem 'rails', '~> 6.1.1'
 gem 'sass-rails', '>= 6'
 gem 'sprockets', '~> 4.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 96cda2d..5a00032 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -140,6 +140,8 @@ GEM
     public_suffix (4.0.6)
     puma (5.2.1)
       nio4r (~> 2.0)
+    pundit (2.1.0)
+      activesupport (>= 3.0.0)
     racc (1.5.2)
     rack (2.2.3)
     rack-mini-profiler (2.3.1)
@@ -259,6 +261,7 @@ DEPENDENCIES
   listen (~> 3.3)
   pg (~> 1.1)
   puma (~> 5.0)
+  pundit (~> 2.1)
   rack-mini-profiler (~> 2.0)
   rails (~> 6.1.1)
   rubocop (~> 1.9)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7944f9f..5dde212 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 
 class ApplicationController < ActionController::Base
+  include Pundit
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 0000000..eefe976
--- /dev/null
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,49 @@
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope.all
+    end
+  end
+end