diff --git a/client.php b/client.php
index 76139efa..e04cbcc0 100644
--- a/client.php
+++ b/client.php
@@ -235,7 +235,7 @@ $location_phone = formatPhoneNumber($location_phone);
         } 
         ?>
       </div>
-      <?php if($session_user_role == 1 OR $session_user_role > 2){ ?>
+      <?php if($session_user_role == 1 OR $session_user_role == 3){ ?>
       <div class="col-md-3 border-left">
         <h4 class="text-secondary">Billing</h4>
         <h6 class="ml-1 text-secondary">Paid <div class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $amount_paid, $client_currency_code); ?></div></h6>
@@ -248,20 +248,22 @@ $location_phone = formatPhoneNumber($location_phone);
         <h6 class="ml-1 text-secondary">Open Tickets <div class="text-dark float-right"><?php echo $num_active_tickets; ?></div></h6>
       </div>
       <div class="col-md-1 border-left">
-        <div class="dropdown dropleft text-center">
-          <button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
-            <i class="fas fa-fw fa-ellipsis-v"></i>
-          </button>
-          <div class="dropdown-menu">
-            <a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
-            <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
-            <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
-            <div class="dropdown-divider"></div>
-            <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
-            <div class="dropdown-divider"></div>
-            <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
+        <?php if($session_user_role == 3) { ?>
+          <div class="dropdown dropleft text-center">
+            <button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
+              <i class="fas fa-fw fa-ellipsis-v"></i>
+            </button>
+            <div class="dropdown-menu">
+              <a class="dropdown-item" href="client_print.php?client_id=<?php echo $client_id; ?>">Print</a>
+              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>" target="_blank">Export PDF<br><small class="text-secondary">(without passwords)</small></a>
+              <a class="dropdown-item" href="post.php?export_client_pdf=<?php echo $client_id; ?>&passwords" target="_blank">Export PDF<br><small class="text-secondary">(with passwords)</small></a>
+              <div class="dropdown-divider"></div>
+              <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
+              <div class="dropdown-divider"></div>
+              <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
+            </div>
           </div>
-        </div>
+        <?php } ?>
       </div>
     </div>
   </div>
diff --git a/client_assets.php b/client_assets.php
index 87992935..0fead289 100644
--- a/client_assets.php
+++ b/client_assets.php
@@ -346,10 +346,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editAssetModal<?php echo $asset_id; ?>">Edit</a>
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#copyAssetModal<?php echo $asset_id; ?>">Copy</a>
                   <?php if($ticket_count > 0){ ?>
-                  <a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">Tickets (<?php echo $ticket_count; ?>)</a>
+                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#assetTicketsModal<?php echo $asset_id; ?>">Tickets (<?php echo $ticket_count; ?>)</a>
+                  <?php } ?>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a>
                   <?php } ?>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_asset=<?php echo $asset_id; ?>">Delete</a>
                 </div>
               </div>
             </td>
diff --git a/client_certificates.php b/client_certificates.php
index df820aa0..19f00f85 100644
--- a/client_certificates.php
+++ b/client_certificates.php
@@ -112,8 +112,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" onclick="populateCertificateEditModal(<?php echo $client_id, ",", $certificate_id ?>)" data-target="#editCertificateModal">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_certificate=<?php echo $certificate_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_certificate=<?php echo $certificate_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div>
             </td>
diff --git a/client_contacts.php b/client_contacts.php
index 680d148e..b883b1e4 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -219,10 +219,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#contactDetailsModal<?php echo $contact_id; ?>">View Details</a>
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editContactModal<?php echo $contact_id; ?>">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">Archive</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?archive_contact=<?php echo $contact_id; ?>">Archive</a>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger text-bold" href="post.php?delete_contact=<?php echo $contact_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div> 
             </td>
diff --git a/client_documents.php b/client_documents.php
index bbe50682..86afb59f 100644
--- a/client_documents.php
+++ b/client_documents.php
@@ -179,8 +179,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">Edit</a>
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">Share</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div>
               <?php include("client_document_view_modal.php"); ?>      
diff --git a/client_domains.php b/client_domains.php
index 94b7d38c..3ddd7dc3 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -124,8 +124,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" onclick="populateDomainEditModal(<?php echo $client_id, ",", $domain_id ?>)" data-target="#editDomainModal">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_domain=<?php echo $domain_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_domain=<?php echo $domain_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div>
             </td>
diff --git a/client_logins.php b/client_logins.php
index 1db58013..477e45be 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -148,8 +148,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editLoginModal<?php echo $login_id; ?>">Edit</a>
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Login', $login_id"; ?>)">Share</a>
+                  <?php if($session_user_role == 3) { ?>
                     <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
+                    <a class="dropdown-item text-danger" href="post.php?delete_login=<?php echo $login_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div> 
             </td>
diff --git a/client_networks.php b/client_networks.php
index dbf9218a..4e599a46 100644
--- a/client_networks.php
+++ b/client_networks.php
@@ -138,8 +138,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" onclick="populateNetworkEditModal(<?php echo $client_id, ",", $network_id ?>)" data-target="#editNetworkModal">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_network=<?php echo $network_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_network=<?php echo $network_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div>
             </td>
diff --git a/client_routes.php b/client_routes.php
index 7eb796e3..0a2e87a2 100644
--- a/client_routes.php
+++ b/client_routes.php
@@ -14,58 +14,90 @@ if(isset($_GET['tab'])){
     include("client_departments.php");
   }
   elseif($_GET['tab'] == "assets"){
-    include("client_assets.php");
+    if($session_user_role > 1) {
+      include("client_assets.php");
+    }
   }
   elseif($_GET['tab'] == "workstations"){
-    include("client_assets_workstations.php");
+    if($session_user_role > 1) {
+      include("client_assets_workstations.php");
+    }
   }
   elseif($_GET['tab'] == "tickets"){
-    include("client_tickets.php");
+    if($session_user_role > 1) {
+      include("client_tickets.php");
+    }
   }
   elseif($_GET['tab'] == "vendors"){
     include("client_vendors.php");
   }
   elseif($_GET['tab'] == "logins"){
-    include("client_logins.php");
+    if($session_user_role > 1) {
+      include("client_logins.php");
+    }
   }
   elseif($_GET['tab'] == "networks"){
-    include("client_networks.php");
+    if($session_user_role > 1) {
+      include("client_networks.php");
+    }
   }
   elseif($_GET['tab'] == "domains"){
-    include("client_domains.php");
+    if($session_user_role > 1) {
+      include("client_domains.php");
+    }
   }
   elseif($_GET['tab'] == "certificates"){
-    include("client_certificates.php");
+    if($session_user_role > 1) {
+      include("client_certificates.php");
+    }
   }
   elseif($_GET['tab'] == "software"){
-    include("client_software.php");
+    if($session_user_role > 1) {
+      include("client_software.php");
+    }
   }
   elseif($_GET['tab'] == "invoices"){
-    include("client_invoices.php");
+    if($session_user_role == 1 OR $session_user_role == 3) {
+      include("client_invoices.php");
+    }
   }
   elseif($_GET['tab'] == "recurring_invoices"){
-    include("client_recurring_invoices.php");
+    if($session_user_role == 1 OR $session_user_role == 3) {
+      include("client_recurring_invoices.php");
+    }
   }
   elseif($_GET['tab'] == "payments"){
-    include("client_payments.php");
+    if($session_user_role == 1 OR $session_user_role == 3) {
+      include("client_payments.php");
+    }
   }
   elseif($_GET['tab'] == "quotes"){
-    include("client_quotes.php");
+    if($session_user_role == 1 OR $session_user_role == 3) {
+      include("client_quotes.php");
+    }
   }
   elseif($_GET['tab'] == "trips"){
-    include("client_trips.php");
+    if($session_user_role == 1 OR $session_user_role == 3) {
+      include("client_trips.php");
+    }
   }
   elseif($_GET['tab'] == "events"){
     include("client_events.php");
   }
   elseif($_GET['tab'] == "files"){
-    include("client_files.php");
+    if($session_user_role > 1) {
+      include("client_files.php");
+    }
   }
   elseif($_GET['tab'] == "documents"){
-    include("client_documents.php");
+    if($session_user_role > 1) {
+      include("client_documents.php");
+    }
   }
   elseif($_GET['tab'] == "services"){
+    if($session_user_role > 1) {
       include("client_services.php");
+    }
   }
   elseif($_GET['tab'] == "logs"){
       include("client_logs.php");
diff --git a/client_services.php b/client_services.php
index d72b405e..e137baf1 100644
--- a/client_services.php
+++ b/client_services.php
@@ -91,8 +91,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                             </button>
                             <div class="dropdown-menu">
                                 <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editServiceModal<?php echo $service_id; ?>">Edit</a>
-                                <div class="dropdown-divider"></div>
-                                <a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
+                                <?php if($session_user_role == 3) { ?>
+                                  <div class="dropdown-divider"></div>
+                                  <a class="dropdown-item text-danger" href="post.php?delete_service=<?php echo $service_id; ?>">Delete</a>
+                                <?php } ?>
                             </div>
                         </div>
                     </td>
diff --git a/client_software.php b/client_software.php
index 75ac57f8..740b6bbc 100644
--- a/client_software.php
+++ b/client_software.php
@@ -186,8 +186,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editSoftwareModal<?php echo $software_id; ?>">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_software=<?php echo $software_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div> 
             </td>
diff --git a/client_tickets.php b/client_tickets.php
index a5f58320..534df573 100644
--- a/client_tickets.php
+++ b/client_tickets.php
@@ -191,8 +191,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                   </button>
                   <div class="dropdown-menu">
                     <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
-                    <div class="dropdown-divider"></div>
-                    <a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+                    <?php if($session_user_role == 3) { ?>
+                      <div class="dropdown-divider"></div>
+                      <a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+                    <?php } ?>
                   </div>
                 </div>
               <?php } ?>
diff --git a/client_vendors.php b/client_vendors.php
index 7e0cb211..ae9dcfab 100644
--- a/client_vendors.php
+++ b/client_vendors.php
@@ -175,8 +175,10 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
                 </button>
                 <div class="dropdown-menu">
                   <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editVendorModal<?php echo $vendor_id; ?>">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
+                  <?php if($session_user_role == 3) { ?>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="post.php?delete_vendor=<?php echo $vendor_id; ?>">Delete</a>
+                  <?php } ?>
                 </div>
               </div>
             </td>
diff --git a/clients.php b/clients.php
index 5de1d043..47fbf741 100644
--- a/clients.php
+++ b/clients.php
@@ -107,7 +107,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
   <div class="card-header py-2">
     <h3 class="card-title mt-2"><i class="fa fa-fw fa-users"></i> Clients</h3>
     <div class="card-tools">
-      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-fw fa-plus"></i> New Client</button>
+      <?php if($session_user_role == 3) { ?>
+        <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal"><i class="fas fa-fw fa-plus"></i> New Client</button>
+      <?php } ?>
     </div>
   </div>
 
@@ -165,8 +167,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=client_name&order=<?php echo $order_display; ?>">Name</a></th>
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=location_city&order=<?php echo $order_display; ?>">Address </a></th>
             <th><a class="text-dark" href="?<?php echo $url_query_strings_sortby; ?>&sortby=contact_name&order=<?php echo $order_display; ?>">Contact</a></th>
-            <th class="text-right">Billing</th>
-            <th class="text-center">Action</th>
+            <?php if($session_user_role == 3 OR $session_user_role == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
+            <?php if($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
           </tr>
         </thead>
         <tbody>
@@ -306,23 +308,31 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
               }
               ?>
             </td>
-            <td class="text-right">
-              <span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
-              <br>
-              <span class="text-secondary">Paid</span> <?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?>
-            </td>
-            <td>
-              <div class="dropdown dropleft text-center">
-                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
-                  <i class="fas fa-ellipsis-h"></i>
-                </button>
-                <div class="dropdown-menu">
-                  <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
-                  <div class="dropdown-divider"></div>
-                  <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
+
+            <!-- Show Billing for Admin/Accountant roles only -->
+            <?php if($session_user_role == 3 OR $session_user_role == 1) { ?>
+              <td class="text-right">
+                <span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
+                <br>
+                <span class="text-secondary">Paid</span> <?php echo numfmt_format_currency($currency_format, $amount_paid, $session_company_currency); ?>
+              </td>
+            <?php } ?>
+
+            <!-- Show actions for Admin role only -->
+            <?php //if($session_user_role == 3) { ?>
+              <td>
+                <div class="dropdown dropleft text-center">
+                  <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                    <i class="fas fa-ellipsis-h"></i>
+                  </button>
+                  <div class="dropdown-menu">
+                    <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">Edit</a>
+                    <div class="dropdown-divider"></div>
+                    <a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">Delete</a>
+                  </div>
                 </div>
-              </div>
-            </td>
+              </td>
+            <?php //} ?>
           </tr>
 
           <?php
diff --git a/inc_all_admin.php b/inc_all_admin.php
index cbe2fce1..122c9782 100644
--- a/inc_all_admin.php
+++ b/inc_all_admin.php
@@ -3,6 +3,14 @@
 include("config.php");
 include_once("functions.php");
 include("check_login.php");
+
+if($session_user_role != 3){
+  $_SESSION['alert_type'] = "danger";
+  $_SESSION['alert_message'] = "You are not permitted to do that!";
+  header("Location: index.php");
+  exit();
+}
+
 include("header.php");
 include("top_nav.php");
 include("admin_side_nav.php");
diff --git a/post.php b/post.php
index 597d01e4..c0ef8434 100644
--- a/post.php
+++ b/post.php
@@ -51,6 +51,13 @@ if(isset($_GET['switch_company'])){
 
 if(isset($_POST['add_user'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
     $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
@@ -126,6 +133,13 @@ if(isset($_POST['add_user'])){
 
 if(isset($_POST['edit_user'])){
 
+    if($session_user_role != 3 && $_POST['user_id'] !== $session_user_id){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $user_id = intval($_POST['user_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
@@ -333,6 +347,14 @@ if(isset($_POST['edit_user_companies'])){
 }
 
 if(isset($_GET['archive_user'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $user_id = intval($_GET['archive_user']);
 
     mysqli_query($mysqli,"UPDATE users SET user_archived_at = NOW() WHERE user_id = $user_id");
@@ -352,6 +374,14 @@ if(isset($_GET['archive_user'])){
 }
 
 if(isset($_GET['delete_user'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $user_id = intval($_GET['delete_user']);
 
     mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
@@ -378,6 +408,13 @@ if(isset($_GET['delete_user'])){
 // API Key
 if(isset($_POST['add_api_key'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
     // Gen a Key
@@ -398,6 +435,13 @@ if(isset($_POST['add_api_key'])){
 
 if(isset($_POST['edit_api_key'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $api_key_id = intval($_POST['api_key_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
@@ -414,6 +458,14 @@ if(isset($_POST['edit_api_key'])){
 }
 
 if(isset($_GET['delete_api_key'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $api_key_id = intval($_GET['delete_api_key']);
 
     // Get API Key Name
@@ -435,6 +487,13 @@ if(isset($_GET['delete_api_key'])){
 
 if(isset($_POST['add_company'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $address = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['address'])));
     $city = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['city'])));
@@ -533,6 +592,13 @@ if(isset($_POST['add_company'])){
 }
 
 if(isset($_POST['edit_company'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
     $company_id = intval($_POST['company_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $address = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['address'])));
@@ -629,6 +695,14 @@ if(isset($_GET['archive_company'])){
 }
 
 if(isset($_GET['delete_company'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $company_id = intval($_GET['delete_company']);
 
     //Get Company Name
@@ -716,6 +790,13 @@ if(isset($_POST['verify'])){
 
 if(isset($_POST['edit_general_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_base_url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_base_url'])));
     $mesh_uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['meshcentral_uri'])));
     $mesh_user = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['meshcentral_user'])));
@@ -736,6 +817,13 @@ if(isset($_POST['edit_general_settings'])){
 
 if(isset($_POST['edit_mail_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_smtp_host = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_host'])));
     $config_smtp_port = intval($_POST['config_smtp_port']);
     $config_smtp_username = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_smtp_username'])));
@@ -781,6 +869,14 @@ if(isset($_POST['edit_mail_settings'])){
 }
 
 if(isset($_POST['test_email'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
 
     $mail = new PHPMailer(true);
@@ -818,6 +914,13 @@ if(isset($_POST['test_email'])){
 
 if(isset($_POST['edit_invoice_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_invoice_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_invoice_prefix'])));
     $config_invoice_next_number = intval($_POST['config_invoice_next_number']);
     $config_invoice_footer = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_invoice_footer'])));
@@ -840,6 +943,13 @@ if(isset($_POST['edit_invoice_settings'])){
 
 if(isset($_POST['edit_quote_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_quote_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_quote_prefix'])));
     $config_quote_next_number = intval($_POST['config_quote_next_number']);
     $config_quote_footer = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_quote_footer'])));
@@ -859,6 +969,13 @@ if(isset($_POST['edit_quote_settings'])){
 
 if(isset($_POST['edit_ticket_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_ticket_prefix = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_prefix'])));
     $config_ticket_next_number = intval($_POST['config_ticket_next_number']);
     $config_ticket_from_email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_ticket_from_email'])));
@@ -877,6 +994,13 @@ if(isset($_POST['edit_ticket_settings'])){
 
 if(isset($_POST['edit_default_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $expense_account = intval($_POST['expense_account']);
     $payment_account = intval($_POST['payment_account']);
     $payment_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['payment_method'])));
@@ -898,6 +1022,13 @@ if(isset($_POST['edit_default_settings'])){
 
 if(isset($_POST['edit_alert_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_enable_cron = intval($_POST['config_enable_cron']);
     $config_enable_alert_domain_expire = intval($_POST['config_enable_alert_domain_expire']);
     $config_send_invoice_reminders = intval($_POST['config_send_invoice_reminders']);
@@ -916,6 +1047,13 @@ if(isset($_POST['edit_alert_settings'])){
 
 if(isset($_POST['edit_online_payment_settings'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $config_stripe_enable = intval($_POST['config_stripe_enable']);
     $config_stripe_publishable = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_stripe_publishable'])));
     $config_stripe_secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['config_stripe_secret'])));
@@ -960,6 +1098,13 @@ if(isset($_POST['disable_2fa'])){
 
 if(isset($_GET['download_database'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     // Get All Table Names From the Database
     $tables = array();
     $sql = "SHOW TABLES";
@@ -1039,7 +1184,12 @@ if(isset($_GET['download_database'])){
 
 if(isset($_POST['backup_master_key'])){
 
-    //TODO: Verify the user is authorised to view the key?
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
 
     $password = $_POST['password'];
 
@@ -1070,7 +1220,14 @@ if(isset($_POST['backup_master_key'])){
 }
 
 if(isset($_GET['update'])){
-    //also check to make sure someone has admin before running this function
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     exec("git pull");
 
     //FORCE UPDATE FUNCTION (Will be added later as a checkbox)
@@ -1092,6 +1249,13 @@ if(isset($_GET['update'])){
 
 if(isset($_GET['update_db'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     //Alter SQL Structure
 
     //Put ID Here
@@ -1120,6 +1284,13 @@ if(isset($_GET['update_db'])){
 
 if(isset($_POST['add_client'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['type'])));
     $location_phone = preg_replace("/[^0-9]/", '',$_POST['location_phone']);
@@ -1195,6 +1366,13 @@ if(isset($_POST['add_client'])){
 
 if(isset($_POST['edit_client'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['type'])));
@@ -1226,7 +1404,8 @@ if(isset($_POST['edit_client'])){
 }
 
 if(isset($_GET['delete_client'])){
-    if($session_user_role !== "3"){
+
+    if($session_user_role != 3){
         $_SESSION['alert_type'] = "danger";
         $_SESSION['alert_message'] = "You are not permitted to do that!";
         header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -3973,6 +4152,13 @@ if(isset($_GET['delete_revenue'])){
 
 if(isset($_POST['add_contact'])){
 
+    if($session_user_role = 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['title'])));
@@ -4053,6 +4239,13 @@ if(isset($_POST['add_contact'])){
 
 if(isset($_POST['edit_contact'])){
 
+    if($session_user_role = 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $contact_id = intval($_POST['contact_id']);
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -4141,6 +4334,14 @@ if(isset($_POST['edit_contact'])){
 }
 
 if(isset($_GET['archive_contact'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $contact_id = intval($_GET['archive_contact']);
 
     mysqli_query($mysqli,"UPDATE contacts SET contact_archived_at = NOW() WHERE contact_id = $contact_id");
@@ -4155,6 +4356,14 @@ if(isset($_GET['archive_contact'])){
 }
 
 if(isset($_GET['delete_contact'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $contact_id = intval($_GET['delete_contact']);
 
     mysqli_query($mysqli,"DELETE FROM contacts WHERE contact_id = $contact_id AND company_id = $session_company_id");
@@ -4212,6 +4421,13 @@ if(isset($_GET['export_client_contacts_csv'])){
 
 if(isset($_POST['add_location'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $country = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['country'])));
@@ -4291,6 +4507,13 @@ if(isset($_POST['add_location'])){
 
 if(isset($_POST['edit_location'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $location_id = intval($_POST['location_id']);
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -4373,6 +4596,14 @@ if(isset($_POST['edit_location'])){
 }
 
 if(isset($_GET['delete_location'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $location_id = intval($_GET['delete_location']);
 
     mysqli_query($mysqli,"DELETE FROM locations WHERE location_id = $location_id AND company_id = $session_company_id");
@@ -4431,6 +4662,13 @@ if(isset($_GET['export_client_locations_csv'])){
 // Client Departments
 if(isset($_POST['add_department'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $department_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department_name'])));
 
@@ -4449,6 +4687,13 @@ if(isset($_POST['add_department'])){
 
 if(isset($_POST['edit_department'])){
 
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $department_id = intval($_POST['department_id']);
     $client_id = intval($_POST['client_id']);
     $department_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['department_name'])));
@@ -4465,6 +4710,14 @@ if(isset($_POST['edit_department'])){
 }
 
 if(isset($_GET['archive_department'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $department_id = intval($_GET['archive_department']);
 
     mysqli_query($mysqli,"UPDATE departments SET department_archived_at = NOW() WHERE department_id = $department_id");
@@ -4479,6 +4732,14 @@ if(isset($_GET['archive_department'])){
 }
 
 if(isset($_GET['delete_department'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $department_id = intval($_GET['delete_department']);
 
     mysqli_query($mysqli,"DELETE FROM departments WHERE department_id = $department_id AND company_id = $session_company_id");
@@ -4494,6 +4755,13 @@ if(isset($_GET['delete_department'])){
 
 if(isset($_POST['add_asset'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['type'])));
@@ -4543,6 +4811,13 @@ if(isset($_POST['add_asset'])){
 
 if(isset($_POST['edit_asset'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $asset_id = intval($_POST['asset_id']);
     $login_id = intval($_POST['login_id']);
     $client_id = intval($_POST['client_id']);
@@ -4598,6 +4873,14 @@ if(isset($_POST['edit_asset'])){
 }
 
 if(isset($_GET['delete_asset'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $asset_id = intval($_GET['delete_asset']);
 
     mysqli_query($mysqli,"DELETE FROM assets WHERE asset_id = $asset_id AND company_id = $session_company_id");
@@ -4612,6 +4895,14 @@ if(isset($_GET['delete_asset'])){
 }
 
 if(isset($_POST["import_client_assets_csv"])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $file_name = $_FILES["file"]["tmp_name"];
     $error = FALSE;
@@ -4741,6 +5032,14 @@ if(isset($_GET['download_client_assets_csv_template'])){
 }
 
 if(isset($_GET['export_client_assets_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_assets_csv']);
 
     //get records from database
@@ -4783,6 +5082,13 @@ if(isset($_GET['export_client_assets_csv'])){
 
 if(isset($_POST['add_software'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $version = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['version'])));
@@ -4840,6 +5146,13 @@ if(isset($_POST['add_software'])){
 
 if(isset($_POST['edit_software'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $software_id = intval($_POST['software_id']);
     $login_id = intval($_POST['login_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -4903,6 +5216,14 @@ if(isset($_POST['edit_software'])){
 }
 
 if(isset($_GET['delete_software'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $software_id = intval($_GET['delete_software']);
 
     mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id AND company_id = $session_company_id");
@@ -4921,6 +5242,14 @@ if(isset($_GET['delete_software'])){
 }
 
 if(isset($_GET['export_client_software_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_software_csv']);
 
     //get records from database
@@ -4963,6 +5292,13 @@ if(isset($_GET['export_client_software_csv'])){
 
 if(isset($_POST['add_login'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
@@ -4988,6 +5324,13 @@ if(isset($_POST['add_login'])){
 
 if(isset($_POST['edit_login'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $login_id = intval($_POST['login_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $uri = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['uri'])));
@@ -5012,6 +5355,14 @@ if(isset($_POST['edit_login'])){
 }
 
 if(isset($_GET['delete_login'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $login_id = intval($_GET['delete_login']);
 
     mysqli_query($mysqli,"DELETE FROM logins WHERE login_id = $login_id AND company_id = $session_company_id");
@@ -5026,6 +5377,14 @@ if(isset($_GET['delete_login'])){
 }
 
 if(isset($_GET['export_client_logins_csv'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_logins_csv']);
 
     //get records from database
@@ -5069,7 +5428,14 @@ if(isset($_GET['export_client_logins_csv'])){
 
 if(isset($_POST['add_network'])){
 
-    $client_id = intval($_POST['client_id']);
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
+  $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $vlan = intval($_POST['vlan']);
     $network = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['network'])));
@@ -5090,6 +5456,13 @@ if(isset($_POST['add_network'])){
 
 if(isset($_POST['edit_network'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $network_id = intval($_POST['network_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $vlan = intval($_POST['vlan']);
@@ -5110,6 +5483,13 @@ if(isset($_POST['edit_network'])){
 }
 
 if(isset($_GET['delete_network'])){
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $network_id = intval($_GET['delete_network']);
 
     mysqli_query($mysqli,"DELETE FROM networks WHERE network_id = $network_id AND company_id = $session_company_id");
@@ -5124,6 +5504,14 @@ if(isset($_GET['delete_network'])){
 }
 
 if(isset($_GET['export_client_networks_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_networks_csv']);
 
     //get records from database
@@ -5165,6 +5553,13 @@ if(isset($_GET['export_client_networks_csv'])){
 }
 
 if(isset($_POST['add_certificate'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
  
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -5188,8 +5583,6 @@ if(isset($_POST['add_certificate'])){
         $expire = "0000-00-00";
     }
 
-
-
     mysqli_query($mysqli,"INSERT INTO certificates SET certificate_name = '$name', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_created_at = NOW(), certificate_public_key = '$public_key', certificate_domain_id = $domain_id, certificate_client_id = $client_id, company_id = $session_company_id");
 
     //Logging
@@ -5203,6 +5596,13 @@ if(isset($_POST['add_certificate'])){
 
 if(isset($_POST['edit_certificate'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $certificate_id = intval($_POST['certificate_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $domain = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['domain'])));
@@ -5237,6 +5637,14 @@ if(isset($_POST['edit_certificate'])){
 }
 
 if(isset($_GET['delete_certificate'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $certificate_id = intval($_GET['delete_certificate']);
 
     mysqli_query($mysqli,"DELETE FROM certificates WHERE certificate_id = $certificate_id AND company_id = $session_company_id");
@@ -5251,6 +5659,14 @@ if(isset($_GET['delete_certificate'])){
 }
 
 if(isset($_GET['export_client_certificates_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_certificates_csv']);
 
     //get records from database
@@ -5293,6 +5709,13 @@ if(isset($_GET['export_client_certificates_csv'])){
 
 if(isset($_POST['add_domain'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $registrar = intval($_POST['registrar']);
@@ -5338,6 +5761,13 @@ if(isset($_POST['add_domain'])){
 
 if(isset($_POST['edit_domain'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $domain_id = intval($_POST['domain_id']);
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $registrar = intval($_POST['registrar']);
@@ -5382,6 +5812,14 @@ if(isset($_POST['edit_domain'])){
 }
 
 if(isset($_GET['delete_domain'])){
+
+      if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $domain_id = intval($_GET['delete_domain']);
 
     mysqli_query($mysqli,"DELETE FROM domains WHERE domain_id = $domain_id AND company_id = $session_company_id");
@@ -5396,6 +5834,14 @@ if(isset($_GET['delete_domain'])){
 }
 
 if(isset($_GET['export_client_domains_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_domains_csv']);
 
     //get records from database
@@ -5439,6 +5885,13 @@ if(isset($_GET['export_client_domains_csv'])){
 
 if(isset($_POST['add_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
@@ -5477,6 +5930,13 @@ if(isset($_POST['add_ticket'])){
 
 if(isset($_POST['add_scheduled_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
@@ -5512,6 +5972,13 @@ if(isset($_POST['add_scheduled_ticket'])){
 
 if(isset($_POST['edit_scheduled_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
@@ -5540,6 +6007,14 @@ if(isset($_POST['edit_scheduled_ticket'])){
 }
 
 if(isset($_GET['delete_scheduled_ticket'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $scheduled_ticket_id = intval($_GET['delete_scheduled_ticket']);
 
     // Delete
@@ -5555,6 +6030,13 @@ if(isset($_GET['delete_scheduled_ticket'])){
 
 if(isset($_POST['edit_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
@@ -5582,6 +6064,13 @@ if(isset($_POST['edit_ticket'])){
 
 if(isset($_POST['assign_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $ticket_id = intval($_POST['ticket_id']);
     $assigned_to = intval($_POST['assigned_to']);
 
@@ -5599,6 +6088,14 @@ if(isset($_POST['assign_ticket'])){
 }
 
 if(isset($_GET['delete_ticket'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $ticket_id = intval($_GET['delete_ticket']);
 
     mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_id = $ticket_id AND company_id = $session_company_id");
@@ -5614,7 +6111,14 @@ if(isset($_GET['delete_ticket'])){
 
 if(isset($_POST['add_ticket_reply'])){
 
-    // HTML Purifier
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
+  // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
     $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
@@ -5701,7 +6205,14 @@ if(isset($_POST['add_ticket_reply'])){
 
 if(isset($_POST['edit_ticket_reply'])){
 
-    // HTML Purifier
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
+  // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
     $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
@@ -5722,6 +6233,14 @@ if(isset($_POST['edit_ticket_reply'])){
 }
 
 if(isset($_GET['archive_ticket_reply'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $ticket_reply_id = intval($_GET['archive_ticket_reply']);
 
     mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id AND company_id = $session_company_id");
@@ -5736,6 +6255,14 @@ if(isset($_GET['archive_ticket_reply'])){
 }
 
 if(isset($_POST['merge_ticket'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $ticket_id = intval($_POST['ticket_id']);
     $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']);
     $merge_comment = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['merge_comment'])));
@@ -5787,6 +6314,13 @@ if(isset($_POST['merge_ticket'])){
 
 if(isset($_GET['close_ticket'])){
 
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $ticket_id = intval($_GET['close_ticket']);
 
     mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id AND company_id = $session_company_id") or die(mysqli_error($mysqli));
@@ -5895,6 +6429,14 @@ if(isset($_POST['add_invoice_from_ticket'])){
 }
 
 if(isset($_GET['export_client_tickets_csv'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_tickets_csv']);
 
     //get records from database
@@ -5936,6 +6478,14 @@ if(isset($_GET['export_client_tickets_csv'])){
 }
 
 if(isset($_POST['add_service'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $service_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
     $service_description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
@@ -6028,6 +6578,14 @@ if(isset($_POST['add_service'])){
 }
 
 if(isset($_POST['edit_service'])){
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $service_id = intval($_POST['service_id']);
     $service_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
@@ -6122,6 +6680,14 @@ if(isset($_POST['edit_service'])){
 }
 
 if(isset($_GET['delete_service'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $service_id = intval($_GET['delete_service']);
 
     // Delete service
@@ -6210,6 +6776,14 @@ if(isset($_POST['add_file'])){
 }
 
 if(isset($_GET['delete_file'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $file_id = intval($_GET['delete_file']);
 
     $sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id AND company_id = $session_company_id");
@@ -6232,7 +6806,14 @@ if(isset($_GET['delete_file'])){
 
 if(isset($_POST['add_document'])){
 
-    // HTML Purifier
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
+  // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
     $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
@@ -6267,7 +6848,14 @@ if(isset($_POST['add_document'])){
 
 if(isset($_POST['edit_document'])){
 
-    // HTML Purifier
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
+  // HTML Purifier
     require("plugins/htmlpurifier/HTMLPurifier.standalone.php");
     $purifier_config = HTMLPurifier_Config::createDefault();
     $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
@@ -6303,6 +6891,14 @@ if(isset($_POST['edit_document'])){
 }
 
 if(isset($_GET['delete_document'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $document_id = intval($_GET['delete_document']);
 
     mysqli_query($mysqli,"DELETE FROM documents WHERE document_id = $document_id AND company_id = $session_company_id");
@@ -6320,6 +6916,14 @@ if(isset($_GET['delete_document'])){
 }
 
 if (isset($_POST['add_document_tag'])) {
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_POST['client_id']);
     $tag_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['tag_name'])));
 
@@ -6330,6 +6934,14 @@ if (isset($_POST['add_document_tag'])) {
 }
 
 if (isset($_POST['delete_document_tag'])) {
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $tag_id = intval($_POST['tag_id']);
 
     // Delete the tag ID
@@ -6343,6 +6955,14 @@ if (isset($_POST['delete_document_tag'])) {
 }
 
 if (isset($_POST['rename_document_tag'])) {
+
+    if($session_user_role == 1){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $tag_id = intval($_POST['tag_id']);
     $tag_new_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['tag_new_name'])));
 
@@ -6760,6 +7380,14 @@ if(isset($_GET['export_client_trips_csv'])){
 }
 
 if(isset($_GET['export_client_pdf'])){
+
+    if($session_user_role != 3){
+      $_SESSION['alert_type'] = "danger";
+      $_SESSION['alert_message'] = "You are not permitted to do that!";
+      header("Location: " . $_SERVER["HTTP_REFERER"]);
+      exit();
+    }
+
     $client_id = intval($_GET['export_client_pdf']);
 
     //get records from database
diff --git a/side_nav.php b/side_nav.php
index 7eaab778..d9eb4677 100644
--- a/side_nav.php
+++ b/side_nav.php
@@ -74,7 +74,7 @@
           </a>
         </li>
         
-        <?php if($session_user_role > 2){ ?>
+        <?php if($session_user_role >= 2){ ?>
 
         <li class="nav-header mt-3">SUPPORT</li>
         <li class="nav-item">
@@ -105,7 +105,7 @@
 
         <?php } ?>
 
-        <?php if($session_user_role == 1 OR $session_user_role > 2){ ?> 
+        <?php if($session_user_role == 1 OR $session_user_role == 3){ ?>
 
         <li class="nav-header mt-3">SALES</li>
         <li class="nav-item">
diff --git a/ticket.php b/ticket.php
index 44288283..99082af4 100644
--- a/ticket.php
+++ b/ticket.php
@@ -192,8 +192,10 @@ if(isset($_GET['ticket_id'])){
       <div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
         <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
         <a class="dropdown-item" href="#" data-toggle="modal" data-target="#mergeTicketModal<?php echo $ticket_id; ?>">Merge</a>
-        <div class="dropdown-divider"></div>
-        <a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+        <?php if($session_user_role == 3) { ?>
+          <div class="dropdown-divider"></div>
+          <a class="dropdown-item text-danger" href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+        <?php } ?>
       </div>
     </div>
   </div>
@@ -327,8 +329,10 @@ if(isset($_GET['ticket_id'])){
             </button>
             <div class="dropdown-menu">
               <a class="dropdown-item" href="#" data-toggle="modal" data-target="#replyEditTicketModal<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-edit text-secondary"></i> Edit</a>
-              <div class="dropdown-divider"></div>
-              <a class="dropdown-item text-danger" href="post.php?archive_ticket_reply=<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-trash text-danger"></i> Archive</a>
+              <?php if($session_user_role == 3) { ?>
+                <div class="dropdown-divider"></div>
+                <a class="dropdown-item text-danger" href="post.php?archive_ticket_reply=<?php echo $ticket_reply_id; ?>"><i class="fas fa-fw fa-trash text-danger"></i> Archive</a>
+              <?php } ?>
             </div>
           </div>
         </div>
diff --git a/tickets.php b/tickets.php
index 58ff9247..a2a2c3f9 100644
--- a/tickets.php
+++ b/tickets.php
@@ -434,9 +434,11 @@ $user_active_assigned_tickets = $row['total_tickets_assigned'];
                                       <div class="dropdown-menu">
                                           <a class="dropdown-item" href="#" data-toggle="modal"
                                              data-target="#editTicketModal<?php echo $ticket_id; ?>">Edit</a>
-                                          <div class="dropdown-divider"></div>
-                                          <a class="dropdown-item text-danger"
-                                             href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+                                        <?php if($session_user_role == 3) { ?>
+                                            <div class="dropdown-divider"></div>
+                                            <a class="dropdown-item text-danger"
+                                               href="post.php?delete_ticket=<?php echo $ticket_id; ?>">Delete</a>
+                                        <?php } ?>
                                       </div>
                                   </div>
                                 <?php } ?>