diff --git a/app/controllers/structured_answers_controller.rb b/app/controllers/structured_answers_controller.rb
index c8b0403..efeee58 100644
--- a/app/controllers/structured_answers_controller.rb
+++ b/app/controllers/structured_answers_controller.rb
@@ -9,7 +9,6 @@
p_params = permitted_params()
type = params[:type]
data = nil
- #authorize @plan
case type
when "partner"
data = partner_params
@@ -27,12 +26,14 @@
data: data
)
@fragment.classname = type
+ authorize @fragment
@fragment.save!
else
@fragment = StructuredAnswer.find_by!({
id: p_params[:id],
dmp_id: p_params[:dmp_id]
})
+ authorize @fragment
@fragment.update(
data: data
)
@@ -58,12 +59,13 @@
def destroy
@plan = Plan.find(params[:plan_id])
- fragment = StructuredAnswer.find(params[:id])
- type = fragment.classname
- parent_id = fragment.parent_id
- obj_list = StructuredAnswer.where(dmp_id: fragment.dmp_id, classname: type)
+ @fragment = StructuredAnswer.find(params[:id])
+ type = @fragment.classname
+ parent_id = @fragment.parent_id
+ obj_list = StructuredAnswer.where(dmp_id: @fragment.dmp_id, classname: type)
- if fragment.destroy
+ authorize @fragment
+ if @fragment.destroy
render json: {
"type" => type,
"html" => render_to_string(partial: 'plans/plan_details/linked_fragment_list', locals: {
diff --git a/app/models/fragment/dmp.rb b/app/models/fragment/dmp.rb
index 2fdc433..715bb53 100644
--- a/app/models/fragment/dmp.rb
+++ b/app/models/fragment/dmp.rb
@@ -37,6 +37,10 @@
end
+ def plan
+ Plan.find(data["plan_id"])
+ end
+
def self.sti_name
"dmp"
end
diff --git a/app/models/structured_answer.rb b/app/models/structured_answer.rb
index 3a2b418..fdcf43b 100644
--- a/app/models/structured_answer.rb
+++ b/app/models/structured_answer.rb
@@ -78,6 +78,15 @@
# = Class methods =
# =================
+ def plan
+ plan = nil
+ if self.answer.nil?
+ self.dmp.plan
+ else
+ plan = self.answer.plan
+ end
+ end
+
# Returns the schema associated to the JSON fragment
def json_schema
self.structured_data_schema.schema
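Review bot: Both new `authorize @fragment` calls in this hunk pass no query, so Pundit derives it from the controller action name, while the policy added in this change defines only `create_or_update?` and `destroy?`; unless the action is literally named `create_or_update`, the call resolves to a method the policy does not define (or an inherited default from ApplicationPolicy, which is not visible here) and either raises or denies everyone. Passing the query explicitly, `authorize @fragment, :create_or_update?`, in both places makes the check independent of routing. In the create branch the check runs on an unsaved record, so `@fragment.plan` can only resolve if the answer/dmp linkage was set when the record was built above the hunk; a fragment with neither set would raise `NoMethodError` instead of being denied, so that is worth confirming. The enclosing action starts and ends outside this hunk.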
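Review bot: `@plan = Plan.find(params[:plan_id])` in `destroy` is still loaded from a request parameter that nothing ties to `@fragment`, and the new `authorize @fragment` does not cover it because the policy only inspects `@fragment.plan`. If `@plan` is handed to the partial rendered below (its locals are cut off at the end of the hunk), a user authorized on one plan can presumably name any other `plan_id` and have content for that plan rendered for them. Deriving the plan from the record that was actually authorized, `@plan = @fragment.plan`, closes that gap; if the separate parameter is genuinely needed, authorize it in its own right. The `destroy` body continues past the end of the hunk.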
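Review bot: `Plan.find(data["plan_id"])` makes the authorization root of every fragment depend on a key inside the fragment's JSON `data` blob rather than on a database association; the controller in this same change writes `data: data` from permitted params into fragments, so if the dmp fragment's data is ever writable that way, whoever can edit it can also re-point it at another plan and desynchronise authorization from ownership. A missing or stale key also turns into `ActiveRecord::RecordNotFound` (a 404) rather than a policy denial. If the plan-to-dmp link exists as a column, resolving through that association would be more robust — confirm against the schema; failing that, a comment such as `# plan_id is written server-side when the dmp is created; never from request data` would at least record the assumption this relies on. The `Fragment::Dmp` class header is outside the hunk.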
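Review bot: The new `plan` reader declares `plan = nil` and never reads it — the local shadows the method name, is assigned only in the `else` branch, and both branches already return their value as the last expression, so the variable is dead weight that reads like a half-finished refactor. A fragment with neither an answer nor a dmp would hit `nil.plan` and raise `NoMethodError` on the deny path; whether that state is reachable is not visible here. The method also sits under the `# = Class methods =` banner although it is an instance method. Suggested replacement, moved under the instance-methods section: `# Plan this fragment belongs to: via its answer, or via the root dmp for answer-less fragments` / `def plan` / `answer.nil? ? dmp.plan : answer.plan` / `end`.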
diff --git a/app/policies/structured_answer_policy.rb b/app/policies/structured_answer_policy.rb
new file mode 100644
index 0000000..35657a4
--- /dev/null
+++ b/app/policies/structured_answer_policy.rb
@@ -0,0 +1,13 @@
+class StructuredAnswerPolicy < ApplicationPolicy
+ def initialize(user, fragment)
+ raise Pundit::NotAuthorizedError, _("must be logged in") unless user
+ @user = user
+ @fragment = fragment
+ end
+ def create_or_update?
+ @fragment.plan.editable_by?(@user.id) || @user == @answer.plan.owner
+ end
+ def destroy?
+ @fragment.plan.editable_by?(@user.id) || @user == @answer.plan.owner
+ end
+end
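Review bot: `@answer` is never assigned in this policy — `initialize` sets only `@user` and `@fragment` — so `@user == @answer.plan.owner` in both `create_or_update?` and `destroy?` raises `NoMethodError` on nil whenever `editable_by?` returns false, turning every denial into a 500 instead of a `Pundit::NotAuthorizedError`, and the owner fallback never actually fires. The expression is duplicated across the two predicates and resolves `@fragment.plan` twice; the rewrite below reads the plan once through the fragment and shares it. The `unless user` guard looks like what a Pundit `ApplicationPolicy` initializer usually does already, but that class is not visible here, so it is left as is.

```ruby
class StructuredAnswerPolicy < ApplicationPolicy
  # … unchanged: initialize …

  def create_or_update?
    plan_editable?
  end

  def destroy?
    plan_editable?
  end

  private

  # True when the user may edit the plan owning this fragment, or owns that plan outright.
  # @fragment.plan resolves through the answer or the dmp root; a fragment with neither raises.
  def plan_editable?
    plan = @fragment.plan
    plan.editable_by?(@user.id) || @user == plan.owner
  end
end
```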