diff --git a/wizard-server/src/Wizard/Service/DocumentTemplate/Bundle/DocumentTemplateBundleService.hs b/wizard-server/src/Wizard/Service/DocumentTemplate/Bundle/DocumentTemplateBundleService.hs
index f0a55f2c3..cfa8442ae 100644
--- a/wizard-server/src/Wizard/Service/DocumentTemplate/Bundle/DocumentTemplateBundleService.hs
+++ b/wizard-server/src/Wizard/Service/DocumentTemplate/Bundle/DocumentTemplateBundleService.hs
@@ -70,6 +70,7 @@ importAndConvertBundle :: BSL.ByteString -> Bool -> AppContextM DocumentTemplate
 importAndConvertBundle contentS fromRegistry =
 case fromDocumentTemplateArchive contentS of
 Right (bundle, assetContents) -> do
+ checkPermission _DOC_TML_WRITE_PERM
 checkDocumentTemplateLimit
 let assetSize = foldl (\acc (_, content) -> acc + (fromIntegral . BS.length $ content)) 0 assetContents
 checkStorageSize assetSize
diff --git a/wizard-server/src/Wizard/Service/Locale/Bundle/LocaleBundleService.hs b/wizard-server/src/Wizard/Service/Locale/Bundle/LocaleBundleService.hs
index ea895f17d..89c858cdb 100644
--- a/wizard-server/src/Wizard/Service/Locale/Bundle/LocaleBundleService.hs
+++ b/wizard-server/src/Wizard/Service/Locale/Bundle/LocaleBundleService.hs
@@ -38,6 +38,7 @@ getTemporaryFileWithBundle lclId =
 exportBundle :: String -> AppContextM BSL.ByteString
 exportBundle lclId =
 runInTransaction $ do
+ checkPermission _LOC_PERM
 locale <- findLocaleById lclId
 content <- retrieveLocale locale.lId
 return $ toLocaleArchive locale content
@@ -45,7 +46,7 @@ exportBundle lclId =
 pullBundleFromRegistry :: String -> AppContextM ()
 pullBundleFromRegistry lclId =
 runInTransaction $ do
- checkPermission _DOC_TML_WRITE_PERM
+ checkPermission _LOC_PERM
 lb <- catchError (retrieveLocaleBundleById lclId) handleError
 _ <- importBundle lb True
 return ()
diff --git a/wizard-server/src/Wizard/Service/Package/Bundle/PackageBundleService.hs b/wizard-server/src/Wizard/Service/Package/Bundle/PackageBundleService.hs
index b49aca568..40ade66e1 100644
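Review bot: In DocumentTemplateBundleService.hs the new `checkPermission _DOC_TML_WRITE_PERM` sits inside the `Right (bundle, assetContents)` branch, so `fromDocumentTemplateArchive contentS` has already decoded the uploaded archive before the caller is authorised, and the other branch of the `case` (outside this hunk) is reached with no check at all. Authorising first keeps an unprivileged caller away from the archive parser and gives one uniform rejection: `importAndConvertBundle contentS fromRegistry = do`, then `checkPermission _DOC_TML_WRITE_PERM`, then `case fromDocumentTemplateArchive contentS of`. The function body continues past the end of the hunk, so what the failure branch does cannot be confirmed from here.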
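Review bot: In LocaleBundleService.hs the corrected `checkPermission _LOC_PERM` in `pullBundleFromRegistry` guards only the registry pull; `importBundle lb True` is defined outside this hunk, so it is not visible whether a direct call to `importBundle` is held to the same permission. The document-template service in this same commit enforces its permission inside the import function itself (`importAndConvertBundle`), and doing the same in the locale `importBundle` would cover every entry point rather than each caller separately. If `importBundle` already checks `_LOC_PERM`, a comment here such as `-- importBundle re-checks _LOC_PERM; this check only fails fast before the registry call` would record that.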
--- a/wizard-server/src/Wizard/Service/Package/Bundle/PackageBundleService.hs
+++ b/wizard-server/src/Wizard/Service/Package/Bundle/PackageBundleService.hs
@@ -60,6 +60,7 @@ getTemporaryFileWithBundle pbId =
 exportBundle :: String -> AppContextM PackageBundleDTO
 exportBundle pbId =
 runInTransaction $ do
+ checkPermission _PM_WRITE_PERM
 packages <- findSeriesOfPackagesRecursiveById pbId
 let newestPackage = last packages
 when
diff --git a/wizard-server/src/Wizard/Service/Questionnaire/Version/QuestionnaireVersionService.hs b/wizard-server/src/Wizard/Service/Questionnaire/Version/QuestionnaireVersionService.hs
index 70ae3a479..911e9b8a4 100644
--- a/wizard-server/src/Wizard/Service/Questionnaire/Version/QuestionnaireVersionService.hs
+++ b/wizard-server/src/Wizard/Service/Questionnaire/Version/QuestionnaireVersionService.hs
@@ -95,7 +95,9 @@ revertToEvent :: U.UUID -> QuestionnaireVersionRevertDTO -> Bool -> AppContextM
 revertToEvent qtnUuid reqDto shouldSave =
 runInTransaction $ do
 qtn <- findQuestionnaireByUuid qtnUuid
- when shouldSave (checkOwnerPermissionToQtn qtn.visibility qtn.permissions)
+ if shouldSave
+ then checkOwnerPermissionToQtn qtn.visibility qtn.permissions
+ else checkViewPermissionToQtn qtn.visibility qtn.sharing qtn.permissions
 let updatedEvents = takeWhileInclusive (\e -> getUuid e /= reqDto.eventUuid) qtn.events
 let updatedEventUuids = S.fromList . fmap getUuid $ updatedEvents
 let updatedVersions = filter (\v -> S.member v.eventUuid updatedEventUuids) qtn.versions
diff --git a/wizard-server/src/Wizard/Service/Tenant/Usage/UsageService.hs b/wizard-server/src/Wizard/Service/Tenant/Usage/UsageService.hs
index 162a9cb89..70092d253 100644
--- a/wizard-server/src/Wizard/Service/Tenant/Usage/UsageService.hs
+++ b/wizard-server/src/Wizard/Service/Tenant/Usage/UsageService.hs
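Review bot: In PackageBundleService.hs `exportBundle` only reads, yet the new guard is `checkPermission _PM_WRITE_PERM`, and nothing next to it says why an export needs the write permission. If that is deliberate because the bundle carries the whole series returned by `findSeriesOfPackagesRecursiveById`, record it beside the check, e.g. `-- Export needs write permission: the bundle contains the complete package series.`. Otherwise users who only need to export have to be granted write access, which works against least privilege. `getTemporaryFileWithBundle pbId`, named in the hunk header, lies outside the hunk, so confirm that it reaches the bundle only through `exportBundle`.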
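Review bot: In QuestionnaireVersionService.hs the `else` branch of `revertToEvent` is the only thing authorising the non-saving path, and no comment says why a call that does not save needs a check, so a later simplification back to `when shouldSave …` would silently remove it. The context lines show that `updatedEvents` and `updatedVersions` are built from `qtn.events` and `qtn.versions` whatever `shouldSave` is, so the preview presumably returns questionnaire content. A comment above the `if` would pin that down: `-- Preview (shouldSave == False) is still built from qtn.events, so it requires at least view permission.`. The function body continues past the end of the hunk.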
@@ -10,6 +10,7 @@ import Wizard.Database.DAO.DocumentTemplate.DocumentTemplateDraftDAO
 import Wizard.Database.DAO.Questionnaire.QuestionnaireDAO
 import Wizard.Database.DAO.Tenant.TenantLimitBundleDAO
 import Wizard.Database.DAO.User.UserDAO
+import Wizard.Model.Context.AclContext
 import Wizard.Model.Context.AppContext
 import Wizard.Service.Tenant.Usage.UsageMapper
 import WizardLib.DocumentTemplate.Database.DAO.DocumentTemplate.DocumentTemplateAssetDAO
@@ -35,6 +36,7 @@ getUsage tenantUuid = do
 getUsageForCurrentApp :: AppContextM TenantUsageDTO
 getUsageForCurrentApp = do
+ checkPermission _CFG_PERM
 limitBundle <- findLimitBundleForCurrentTenant
 userCount <- countUsers
 activeUserCount <- countActiveUsers
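Review bot: In UsageService.hs only `getUsageForCurrentApp` gains `checkPermission _CFG_PERM`; `getUsage tenantUuid`, named in the hunk header directly above it, takes a tenant UUID as an argument and its body is outside this hunk. The `Wizard.Model.Context.AclContext` import is new in this commit, which suggests the module referenced no permission constant before, so confirm that `getUsage` is authorised by its callers or add a check there too. If it is meant to be reachable only from an internal or administrative API, a comment on it saying so would keep the two functions from drifting apart.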