diff --git a/Server/middleware/isAllowed.js b/Server/middleware/isAllowed.js
new file mode 100644
index 000000000..fefb26099
--- /dev/null
+++ b/Server/middleware/isAllowed.js
@@ -0,0 +1,53 @@
+const jwt = require("jsonwebtoken");
+const TOKEN_PREFIX = "Bearer ";
+const SERVICE_NAME = "allowedRoles";
+const { errorMessages } = require("../utils/messages");
+
+const isAllowed = (allowedRoles) => {
+ return (req, res, next) => {
+ const token = req.headers["authorization"];
+
+ // If no token is pressent, return an error
+ if (!token) {
+ const error = new Error(errorMessages.NO_AUTH_TOKEN);
+ error.status = 401;
+ error.service = SERVICE_NAME;
+ next(error);
+ return;
+ }
+
+ // If the token is improperly formatted, return an error
+ if (!token.startsWith(TOKEN_PREFIX)) {
+ const error = new Error(errorMessages.INVALID_AUTH_TOKEN);
+ error.status = 400;
+ error.service = SERVICE_NAME;
+ next(error);
+ return;
+ }
+ // Parse the token
+ try {
+ const parsedToken = token.slice(TOKEN_PREFIX.length, token.length);
+ var decoded = jwt.verify(parsedToken, process.env.JWT_SECRET);
+ const userRoles = decoded.role;
+
+ // Check if the user has the required role
+ if (userRoles.some((role) => allowedRoles.includes(role))) {
+ next();
+ return;
+ } else {
+ const error = new Error(errorMessages.INSUFFICIENT_PERMISSIONS);
+ error.status = 401;
+ error.service = SERVICE_NAME;
+ next(error);
+ return;
+ }
+ } catch (error) {
+ error.status = 401;
+ error.service = SERVICE_NAME;
+ next(error);
+ return;
+ }
+ };
+};
+
+module.exports = { isAllowed };
diff --git a/Server/routes/authRoute.js b/Server/routes/authRoute.js
index ddecd8d39..743a55c19 100644
--- a/Server/routes/authRoute.js
+++ b/Server/routes/authRoute.js
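Review bot: `decoded.role` is used as an array without any check, so a validly signed token whose payload has no `role` claim, or carries it as a string, throws a TypeError at `userRoles.some(...)`; the catch block then relabels that TypeError (with its internal message) as a 401 and forwards it to the error handler, which hides a payload-shape problem behind an auth failure. Guard it with `const userRoles = Array.isArray(decoded.role) ? decoded.role : [];` before the `.some` call, and consider pinning the accepted algorithms with `jwt.verify(parsedToken, process.env.JWT_SECRET, { algorithms: ["HS256"] })` (adjust to whatever the signer uses) so verification does not accept any algorithm the key happens to support. The insufficient-permissions branch sends 401, where 403 is the conventional status for an authenticated principal that lacks the role. Minor: `var decoded` should be `const`, `token.slice(TOKEN_PREFIX.length)` needs no end argument, and "pressent" in the comment is misspelled.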
@@ -1,7 +1,7 @@
 const router = require("express").Router();
 const { verifyJWT } = require("../middleware/verifyJWT");
-const { verifySuperAdmin } = require("../middleware/verifySuperAdmin");
 const { verifyOwnership } = require("../middleware/verifyOwnership");
+const { isAllowed } = require("../middleware/isAllowed");
 const multer = require("multer");
 const upload = multer();
 const User = require("../models/user");
@@ -29,7 +29,12 @@ router.put(
 userEditController
 );
 router.get("/users/superadmin", checkSuperadminController);
-router.get("/users", verifyJWT, verifySuperAdmin, getAllUsersController);
+router.get(
+ "/users",
+ verifyJWT,
+ isAllowed(["admin", "superadmin"]),
+ getAllUsersController
+);
 router.delete(
 "/user/:userId",
 verifyJWT,
diff --git a/Server/routes/inviteRoute.js b/Server/routes/inviteRoute.js
index 05df2f51f..54e74b0fa 100644
--- a/Server/routes/inviteRoute.js
+++ b/Server/routes/inviteRoute.js
@@ -1,11 +1,22 @@
 const router = require("express").Router();
 const { verifyJWT } = require("../middleware/verifyJWT");
+const { isAllowed } = require("../middleware/isAllowed");
+
 const {
 inviteController,
 inviteVerifyController,
 } = require("../controllers/inviteController");
-router.post("/", verifyJWT, inviteController);
-router.post("/verify", inviteVerifyController);
+router.post(
+ "/",
+ isAllowed(["admin", "superadmin"]),
+ verifyJWT,
+ inviteController
+);
+router.post(
+ "/verify",
+ isAllowed(["admin", "superadmin"]),
+ inviteVerifyController
+);
 module.exports = router;
diff --git a/Server/routes/monitorRoute.js b/Server/routes/monitorRoute.js
index facbf47ed..e08c43b7d 100644
--- a/Server/routes/monitorRoute.js
+++ b/Server/routes/monitorRoute.js
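Review bot: The `/users` route is now reachable by the `admin` role as well as `superadmin`, whereas the removed `verifySuperAdmin` admitted only the latter; if that widening is intended it deserves a mention in the commit message, otherwise the list should be `isAllowed(["superadmin"])`. Note also that `isAllowed` verifies the bearer token a second time after `verifyJWT` has already done so on the line above; if `verifyJWT` attaches the decoded payload to `req`, a role check that reads it would avoid the duplicate signature verification and keep a single source of truth for the token. The `router.put(` call above this hunk and the `router.delete(` call below it begin and end outside the hunk.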
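Review bot: `/verify` previously ran with no authentication and now requires a token carrying `admin` or `superadmin`; that looks like the endpoint an invited, not yet registered, user calls to accept an invite, and such a caller cannot hold either role, so the route may become unusable for its only client — confirm who calls it before merging. On `/`, `isAllowed` is placed ahead of `verifyJWT`, the reverse of the order used in `authRoute.js`; since `isAllowed` already verifies the same token the difference is harmless today, but `verifyJWT, isAllowed(["admin", "superadmin"]),` keeps the two route files consistent.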
@@ -1,7 +1,6 @@
 const router = require("express").Router();
 const monitorController = require("../controllers/monitorController");
-const { verifyOwnership } = require("../middleware/verifyOwnership");
-const Monitor = require("../models/Monitor");
+const { isAllowed } = require("../middleware/isAllowed");
 router.get("/", monitorController.getAllMonitors);
 router.get("/stats/:monitorId", monitorController.getMonitorStatsById);
@@ -9,17 +8,27 @@ router.get("/certificate/:monitorId", monitorController.getMonitorCertificate);
 router.get("/:monitorId", monitorController.getMonitorById);
 router.get("/team/:teamId", monitorController.getMonitorsByTeamId);
-router.post("/", monitorController.createMonitor);
+router.post(
+ "/",
+ isAllowed(["admin", "superadmin"]),
+ monitorController.createMonitor
+);
+
 router.delete(
 "/:monitorId",
- verifyOwnership(Monitor, "monitorId"),
+ isAllowed(["admin", "superadmin"]),
 monitorController.deleteMonitor
 );
+
 router.put(
 "/:monitorId",
- verifyOwnership(Monitor, "monitorId"),
+ isAllowed(["admin", "superadmin"]),
 monitorController.editMonitor
 );
-router.delete("/all", monitorController.deleteAllMonitors);
+router.delete(
+ "/all",
+ isAllowed(["superadmin"]),
+ monitorController.deleteAllMonitors
+);
 module.exports = router;
diff --git a/Server/utils/messages.js b/Server/utils/messages.js
index 55f0fa7e9..7375fe448 100644
--- a/Server/utils/messages.js
+++ b/Server/utils/messages.js
@@ -17,6 +17,9 @@ const errorMessages = {
 VERIFY_OWNER_NOT_FOUND: "Document not found",
 VERIFY_OWNER_UNAUTHORIZED: "Unauthorized access",
+ //Permissions Middleware
+ INSUFFICIENT_PERMISSIONS: "Insufficient permissions",
+
 //DB Errors
 DB_USER_EXISTS: "User already exists",
 DB_USER_NOT_FOUND: "User not found",
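Review bot: The `delete /:monitorId` and `put /:monitorId` routes in the second hunk drop `verifyOwnership(Monitor, "monitorId")` and keep only the role check, so a caller holding `admin` on any team can edit or delete a monitor that belongs to a different team; a role check answers "may this kind of user do this" while the ownership check answered "may this user touch this record", and the two are not interchangeable unless `admin` is a deployment-wide role — confirm that before merging. If it is not, keep both: `isAllowed(["admin", "superadmin"]),` followed by `verifyOwnership(Monitor, "monitorId"),` on each of the two routes, which also means restoring the `verifyOwnership` and `Monitor` imports removed in the first hunk of this file. The error for a missing monitor would then still come from the ownership middleware, as it did before the change.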