diff --git a/api/Program.cs b/api/Program.cs
index 07d914f..c74de6b 100644
--- a/api/Program.cs
+++ b/api/Program.cs
@@ -46,7 +46,14 @@ builder.Services.AddAuthentication(options => {
     };
 });
 
-builder.Services.AddAuthorization();
+builder.Services.AddAuthorization(options => {
+    options.AddPolicy("RequireAdmin", policy => {
+        policy.RequireRole("Admin", "Superuser");
+    });
+    options.AddPolicy("RequireSuperuser", policy => {
+        policy.RequireRole("Superuser");
+    });
+});
 
 // configuration for behind my nginx proxy
 builder.Services.Configure<ForwardedHeadersOptions>(options =>