diff --git a/init.rb b/init.rb index f303fa7..0999017 100644 --- a/init.rb +++ b/init.rb @@ -15,4 +15,7 @@ Redmine::Plugin.register :redmine_rate do version '0.1.0' requires_redmine :version_or_higher => '0.8.0' + + permission :view_rate, { } + permission :edit_rate, { } end diff --git a/lib/rate_project_hook.rb b/lib/rate_project_hook.rb index b82701b..c869e4b 100644 --- a/lib/rate_project_hook.rb +++ b/lib/rate_project_hook.rb @@ -11,6 +11,7 @@ class RateProjectHook < Redmine::Hook::ViewListener # * :project => Current project # def view_projects_settings_members_table_header(context ={ }) + return '' unless (User.current.allowed_to?(:view_rate, context[:project]) || User.current.admin?) return "#{l(:rate_label_rate)} #{l(:rate_label_currency)}" end @@ -24,6 +25,9 @@ class RateProjectHook < Redmine::Hook::ViewListener def view_projects_settings_members_table_row(context = { }) member = context[:member] project = context[:project] + + return '' unless (User.current.allowed_to?(:view_rate, project) || User.current.admin?) + rate = Rate.for(member.user, project) content = '' diff --git a/spec/controllers/rates_controller_spec.rb b/spec/controllers/rates_controller_spec.rb index 6d008f1..798af1c 100644 --- a/spec/controllers/rates_controller_spec.rb +++ b/spec/controllers/rates_controller_spec.rb @@ -35,7 +35,7 @@ describe RatesController, "as regular user" do end before(:each) do - @user = mock_model(User, :logged? => true, :admin? => false, :anonymous? => false, :name => "Normal User", :memberships => []) + @user = mock_model(User, :logged? => true, :admin? => false, :anonymous? => false, :name => "Normal User", :memberships => [], :allowed_to? => true) User.stub!(:current).and_return(@user) end 
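Review bot: Both permissions in init.rb are registered with an empty action map (`{ }`), so Redmine's access control ties no controller action to `:view_rate` or `:edit_rate`; they only take effect where code calls `allowed_to?` explicitly. In this commit only `:view_rate` is checked, in `RateProjectHook`, and nothing visible consults `:edit_rate`, so granting or revoking it appears to change nothing. Map each permission to the RatesController actions it is meant to guard instead of `{ }`. Also consider restricting who can hold them, e.g. `permission :view_rate, { }, :require => :member`, so rate data cannot be opened to non-member or anonymous roles by a role misconfiguration.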
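Review bot: The authorization predicate in `view_projects_settings_members_table_header` is written inline and repeated verbatim in `view_projects_settings_members_table_row`, so the header and row checks can drift apart when one is edited later. A private helper such as `def rate_visible?(project)` with the body `User.current.admin? || User.current.allowed_to?(:view_rate, project)`, called as `return '' unless rate_visible?(context[:project])`, keeps both hooks in step. A one-line comment on why `admin?` is tested separately would also help, since Redmine's `allowed_to?` normally grants admins already, presumably except on archived projects or disabled modules.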
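Review bot: `view_projects_settings_members_table_row` is gated only on `:view_rate`; the `:edit_rate` permission registered in init.rb by this same commit is never consulted here. The rest of the method lies outside the hunk, so this is inferred: if the `content` built below includes an edit link or form, a user with view-only permission would still be offered it. Wrapping the editing markup in `if User.current.allowed_to?(:edit_rate, project)` would make the two permissions distinct. The same check belongs in the controller action that receives the submission, because returning `''` from a view hook hides the cell but does not stop a direct request.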
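Review bot: Stubbing `:allowed_to? => true` on the "Normal User" mock means every regular-user example now runs with all permissions granted, so nothing exercises a user who lacks `:view_rate` or `:edit_rate`; the same stub is added to the administrator mock in the `-130,7` hunk. The denied path is the one that matters for access control, and it is currently untested. Add a context whose mock uses `:allowed_to? => false` and assert the rate actions are refused, plus a hook spec asserting both `RateProjectHook` methods return `''`. Whether RatesController calls `allowed_to?` at all is not visible in this diff, so that context would also show whether the new permissions are enforced server-side.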
@@ -130,7 +130,7 @@ describe RatesController, "as an administrator" do
 end
 before(:each) do
- @user = mock_model(User, :logged? => true, :admin? => true, :anonymous? => false, :name => "Admin User", :memberships => [])
+ @user = mock_model(User, :logged? => true, :admin? => true, :anonymous? => false, :name => "Admin User", :memberships => [], :allowed_to? => true)
 User.stub!(:current).and_return(@user)
 end