diff --git a/index.php b/index.php
index e4cafd8..5cac7ba 100644
--- a/index.php
+++ b/index.php
@@ -82,6 +82,11 @@ if (empty($_SESSION["login_code"])) {
         }
         if (is_numeric($uidinfo['uid'])) {
             $user = new User($uidinfo['uid'] * 1);
+            foreach ($SETTINGS['permissions'] as $perm) {
+                if (!$user->hasPermission($perm)) {
+                    die($Strings->get("no access permission", false));
+                }
+            }
             Session::start($user);
             $_SESSION["login_code"] = null;
             header('Location: app.php');
diff --git a/settings.template.php b/settings.template.php
index 22c1b16..94686c0 100644
--- a/settings.template.php
+++ b/settings.template.php
@@ -36,6 +36,9 @@ $SETTINGS = [
         // API key
         "key" => "123"
     ],
+    // List of required user permissions to access this app.
+    "permissions" => [
+    ],
     // For supported values, see http://php.net/manual/en/timezones.php
     "timezone" => "America/Denver",
     // Language to use for localization. See langs folder to add a language.