diff --git a/src/components/layouts/UserSideBarLayout.vue b/src/components/layouts/UserSideBarLayout.vue
index 603f7a061..6cc19db6e 100644
--- a/src/components/layouts/UserSideBarLayout.vue
+++ b/src/components/layouts/UserSideBarLayout.vue
@@ -90,7 +90,9 @@
 <!--            <li>
               <a>Germplasm Inventory</a>
             </li>-->
-            <li>
+            <li
+                v-if="$ability.can('access', 'Germplasm')"
+            >
               <router-link
                   v-bind:to="{name: 'germplasm', params: {programId: activeProgram.id}}"
                   :id="germplasmMenuId"
@@ -98,31 +100,39 @@
                 Germplasm
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('access', 'Experiment')"
+            >
               <router-link
                   v-bind:to="{name: 'experiments-observations', params: {programId: activeProgram.id}}"
               >
                 Experiments & Observations
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('access', 'Ontology')"
+            >
               <router-link
                   v-bind:to="{name: 'ontology', params: {programId: activeProgram.id}}"
                   :id="ontologyMenuId"
+
               >
                 Ontology
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('create', 'Import')"
+            >
               <router-link
                 v-bind:to="{name: 'import'}"
                 :id="importFileMenuId"
-                v-if="$ability.can('create', 'Import')"
               >
                 Import Data
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('access', 'SampleManagement')"
+            >
               <router-link
                   v-bind:to="{name: 'sample-management', params: {programId: activeProgram.id}}"
                   :id="sampleMgmtMenuId"
@@ -138,7 +148,9 @@
               <a>Reports</a>
             </li>
             -->
-            <li>
+            <li
+                v-if="$ability.can('access', 'ProgramAdministration')"
+            >
               <router-link
                 v-bind:to="{name: 'program-administration', params: {programId: activeProgram.id}}"
                 :id="programManagementMenuId"
@@ -146,12 +158,16 @@
                 Program Administration
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('access', 'BrAPI')"
+            >
               <router-link v-bind:to="{name: 'brapi-info', params: {programId: activeProgram.id}}" :id="brAPIMenuId">
                 BrAPI
               </router-link>
             </li>
-            <li>
+            <li
+                v-if="$ability.can('access', 'JobManagement')"
+            >
               <router-link
                   v-bind:to="{name: 'job-management', params: {programId: activeProgram.id}}"
                   :id="jobManagementMenuId"
diff --git a/src/config/AppAbility.ts b/src/config/AppAbility.ts
index a36a8e8a2..f3cb76e4c 100644
--- a/src/config/AppAbility.ts
+++ b/src/config/AppAbility.ts
@@ -18,7 +18,8 @@
 import {Ability, AbilityClass} from '@casl/ability';
 
 type Actions = 'manage' | 'create' | 'read' | 'update' | 'delete' | 'archive' | 'access' | 'submit';
-type Subjects = 'ProgramUser' | 'Location' | 'User' | 'AdminSection' | 'Trait' | 'Import' | 'ProgramConfiguration' | 'Submission';
+type Subjects = 'ProgramUser' | 'Location' | 'User' | 'AdminSection' | 'Trait' | 'Import' | 'ProgramConfiguration' | 'Submission'
+    | 'Experiment' | 'Germplasm' | 'Ontology' | 'SampleManagement' | 'ProgramAdministration' | 'JobManagement' | 'Collaborator' | 'BrAPI' ;
 
 export type AppAbility = Ability<[Actions, Subjects]>;
 export const AppAbility = Ability as AbilityClass<AppAbility>;
\ No newline at end of file
diff --git a/src/config/ability.ts b/src/config/ability.ts
index 2d8c34fa5..531ec7d9a 100644
--- a/src/config/ability.ts
+++ b/src/config/ability.ts
@@ -25,6 +25,17 @@ type DefinePermissions = (user: User, builder: AbilityBuilder<AppAbility>) => vo
 
 const rolePermissions: Record<string, DefinePermissions> = {
   readonly(user, { can }) {
+    can('access', 'Experiment');
+    can('access', 'Ontology');
+    can('access', 'Germplasm');
+    can('access', 'ProgramAdministration');
+    can('access', 'SampleManagement');
+    can('access', 'BrAPI');
+    can('access', 'JobManagement');
+  },
+  experimentalcollaborator(user, { can }) {
+    can('access', 'Experiment');
+    can('access', 'BrAPI');
   },
   programadministrator(user, { can }) {
     can('create', 'ProgramUser');
@@ -40,14 +51,35 @@ const rolePermissions: Record<string, DefinePermissions> = {
     can('access', 'ProgramConfiguration');
     can('create', 'ProgramConfiguration');
     can('update', 'ProgramConfiguration');
+    can('access', 'Experiment');
+    can('access', 'Ontology');
+    can('access', 'Germplasm');
+    can('access', 'SampleManagement');
+    can('access', 'ProgramAdministration');
+    can('access', 'BrAPI');
+    can('access', 'JobManagement');
+    can('create', 'Collaborator');
+
   },
   systemadministrator(user, { can }) {
     can('create', 'ProgramUser');
     can('update', 'ProgramUser');
     can('archive', 'ProgramUser');
+    can('create', 'Location');
+    can('update', 'Location');
+    can('archive', 'Location');
     can('manage', 'User');
     can('access', 'AdminSection');
     can('submit', 'Submission');
+    can('access', 'Experiment');
+    can('access', 'Ontology');
+    can('access', 'Germplasm');
+    can('access', 'SampleManagement');
+    can('access', 'ProgramAdministration');
+    can('access', 'BrAPI');
+    can('access', 'JobManagement');
+    can('create', 'Collaborator');
+
   }
 };
 
@@ -81,7 +113,6 @@ export function defineAbilityFor(user: User | undefined, program: Program | unde
             programRole.program.id === program.id && programRole.domain &&
             programRole.active &&
             typeof rolePermissions[roleFunctionName] === 'function') {
-
             rolePermissions[roleFunctionName](user, builder);
           }
         }
diff --git a/src/views/experiments-and-observations/ExperimentDetails.vue b/src/views/experiments-and-observations/ExperimentDetails.vue
index f543fd503..36e73b7a2 100644
--- a/src/views/experiments-and-observations/ExperimentDetails.vue
+++ b/src/views/experiments-and-observations/ExperimentDetails.vue
@@ -201,7 +201,7 @@ export default class ExperimentDetails extends ProgramsBase {
   private actions: ActionMenuItem[] = [
       new ActionMenuItem('experiment-import-file', 'import-file', 'Import file', this.$ability.can('create', 'Import')),
       new ActionMenuItem('experiment-download-file', 'download-file', 'Download file'),
-      new ActionMenuItem('experiment-add-collaborator', 'add-collaborator', 'Add Collaborator'),
+      new ActionMenuItem('experiment-add-collaborator', 'add-collaborator', 'Add Collaborator',  this.$ability.can('create', 'Collaborator')),
       // new ActionMenuItem('experiment-create-sub-entity-dataset', 'create-sub-entity-dataset', 'Create Sub-Entity Dataset')
   ];