diff --git a/greenmine/documents/api.py b/greenmine/documents/api.py index 3db57290..0f05260d 100644 --- a/greenmine/documents/api.py +++ b/greenmine/documents/api.py @@ -2,13 +2,18 @@ from rest_framework import generics from greenmine.documents.serializers import DocumentSerializer from greenmine.documents.models import Document +from greenmine.documents.permissions import DocumentDetailPermission class DocumentList(generics.ListCreateAPIView): model = Document serializer_class = DocumentSerializer + def get_queryset(self): + return self.model.objects.filter(project__members=self.request.user) + class DocumentDetail(generics.RetrieveUpdateDestroyAPIView): model = Document serializer_class = DocumentSerializer + permission_classes = (DocumentDetailPermission,) diff --git a/greenmine/documents/permissions.py b/greenmine/documents/permissions.py new file mode 100644 index 00000000..a9c3a330 --- /dev/null +++ b/greenmine/documents/permissions.py @@ -0,0 +1,8 @@ +from greenmine.base.permissions import BaseDetailPermission + +class DocumentDetailPermission(BaseDetailPermission): + get_permission = "can_view_document" + put_permission = "can_change_document" + delete_permission = "can_delete_document" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = [] diff --git a/greenmine/questions/api.py b/greenmine/questions/api.py index 64c951ab..e74c6cf2 100644 --- a/greenmine/questions/api.py +++ b/greenmine/questions/api.py 
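Review bot: `DocumentList.get_queryset` scopes only what the list returns; the create half of `ListCreateAPIView` is untouched, so as far as this hunk shows a POST can still name a project the caller is not a member of. The list view needs a check on the submitted project before saving, for example a list-level permission class set as `permission_classes = (DocumentListPermission,)` (placeholder name, not part of this commit) that rejects a `project` outside the requesting user's memberships. The filter also hands `self.request.user` straight to the ORM, which presumably fails for an anonymous user unless authentication is enforced in settings not visible here. The same applies to `QuestionList` and `QuestionResponseList` in greenmine/questions/api.py.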
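Review bot: `DocumentDetailPermission` maps GET, PUT and DELETE to permission names but has no entry for PATCH, which `RetrieveUpdateDestroyAPIView` also routes to the update path in DRF versions that support partial updates. Whether `BaseDetailPermission` denies or allows an unmapped method is not visible in this diff, so confirm that it denies by default or that PATCH is tied to `put_permission`. Listing `'HEAD'` in `safe_methods` deserves the same check: if safe methods skip the object-level check, a HEAD request answers for any id and reveals existence and response size to non-members. The two classes in greenmine/questions/permissions.py have the same shape.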
@@ -3,23 +3,30 @@ from rest_framework import generics from greenmine.questions.serializers import QuestionSerializer, QuestionResponseSerializer from greenmine.questions.models import Question, QuestionResponse +from greenmine.questions.permissions import QuestionDetailPermission, QuestionResponseDetailPermission class QuestionList(generics.ListCreateAPIView): model = Question serializer_class = QuestionSerializer + def get_queryset(self): + return self.model.objects.filter(project__members=self.request.user) class QuestionDetail(generics.RetrieveUpdateDestroyAPIView): model = Question serializer_class = QuestionSerializer + permission_classes = (QuestionDetailPermission,) class QuestionResponseList(generics.ListCreateAPIView): model = QuestionResponse serializer_class = QuestionResponseSerializer + def get_queryset(self): + return self.model.objects.filter(question__project__members=self.request.user) class QuestionResponseDetail(generics.RetrieveUpdateDestroyAPIView): model = QuestionResponse serializer_class = QuestionResponseSerializer + permission_classes = (QuestionResponseDetailPermission,) diff --git a/greenmine/questions/permissions.py b/greenmine/questions/permissions.py new file mode 100644 index 00000000..fedf72fe --- /dev/null +++ b/greenmine/questions/permissions.py @@ -0,0 +1,15 @@ +from greenmine.base.permissions import BaseDetailPermission + +class QuestionDetailPermission(BaseDetailPermission): + get_permission = "can_view_question" + put_permission = "can_change_question" + delete_permission = "can_delete_question" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = [] + +class QuestionResponseDetailPermission(BaseDetailPermission): + get_permission = "can_view_questionresponse" + put_permission = "can_change_questionresponse" + delete_permission = "can_delete_questionresponse" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = []
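Review bot: `QuestionDetail` and `QuestionResponseDetail` still resolve objects from the unfiltered model queryset, so project scoping on the detail endpoints rests entirely on the new permission classes. Giving the detail views the same membership filter as the list views keeps the two in agreement and makes a non-member see 404 rather than 403, e.g. `def get_queryset(self):` with `return self.model.objects.filter(project__members=self.request.user)` on `QuestionDetail`. The three `get_queryset` bodies in this commit differ only in the lookup path, so a small shared mixin that takes the path as a class attribute would remove the duplication. `DocumentDetail` in greenmine/documents/api.py is in the same position.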
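Review bot: `QuestionResponseDetailPermission` sets `path_to_document = []`, the same value as `QuestionDetailPermission`, although a response reaches its project through `question` (the list view in this commit filters on `question__project__members`). If `BaseDetailPermission` uses this attribute to walk from the object to its project (its code is not in this diff), the empty path would look for the project on the response itself and check membership against the wrong object or fail. The value should probably be `path_to_document = ['question']`, to be confirmed against the base class. The attribute name also reads oddly for something that seems to lead to a project, so a one-line comment such as `# attribute names to follow from this object to the object that owns the project` would help.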