diff --git a/AsbCloudDb/Model/AsbCloudDbContext.cs b/AsbCloudDb/Model/AsbCloudDbContext.cs index 7f9a0ab1..f56a700a 100644 --- a/AsbCloudDb/Model/AsbCloudDbContext.cs +++ b/AsbCloudDb/Model/AsbCloudDbContext.cs @@ -235,7 +235,7 @@ namespace AsbCloudDb.Model entity.HasOne(d => d.User) .WithMany(p => p.FileMarks) .HasForeignKey(d => d.IdUser) - .OnDelete(DeleteBehavior.Cascade) + .OnDelete(DeleteBehavior.Cascade) .HasConstraintName("t_user_t_file_mark_fk"); entity.HasOne(d => d.FileInfo) diff --git a/AsbCloudWebApi/Controllers/AuthController.cs b/AsbCloudWebApi/Controllers/AuthController.cs index 7b9e828e..549fed3c 100644 --- a/AsbCloudWebApi/Controllers/AuthController.cs +++ b/AsbCloudWebApi/Controllers/AuthController.cs @@ -13,10 +13,12 @@ namespace AsbCloudWebApi.Controllers public class AuthController : ControllerBase { private readonly IAuthService authService; + private readonly IUserService userService; - public AuthController(IAuthService authService) + public AuthController(IAuthService authService, IUserService userService) { this.authService = authService; + this.userService = userService; } /// @@ -81,14 +83,15 @@ namespace AsbCloudWebApi.Controllers /// Ок [Authorize] [HttpPut("{idUser}/ChangePassword")] - [Permission] public IActionResult ChangePassword([FromRoute]int idUser, [FromBody]string newPassword) { - const string roleName = "Администратор"; - var allow = (User.GetUserId() == idUser) || User.IsInRole(roleName); + var editorUserId = User.GetUserId(); - if (!allow) - return Forbid($"You must be an {roleName} or user with id:{idUser}."); + if (editorUserId is null) + return Forbid(); + + if (!((editorUserId == idUser) || userService.HasPermission((int)editorUserId, "Auth.edit"))) + return Forbid(); var code = authService.ChangePassword(idUser, newPassword); return code switch diff --git a/AsbCloudWebApi/Controllers/FileController.cs b/AsbCloudWebApi/Controllers/FileController.cs index 7a11b397..f4ce6b09 100644 
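Review bot: In `ChangePassword` (AuthController.cs) the inline condition is now the only permission check visible on this action, and it lets the account owner set `newPassword` without supplying the current password and lets any holder of `Auth.edit` do the same for any `idUser`. Whether `authService.ChangePassword` enforces anything further is not visible here, so the intent should be stated next to the check, for example `// Owner or Auth.edit holder only; [Permission] is deliberately not applied to this action.`. The permission name is safer as a shared constant than as the literal `"Auth.edit"`, because a misspelt name would presumably just deny access with no compile-time signal. After the null check, `editorUserId.Value` is clearer than `(int)editorUserId`. The method body continues past the end of the hunk.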
--- a/AsbCloudWebApi/Controllers/FileController.cs +++ b/AsbCloudWebApi/Controllers/FileController.cs @@ -31,13 +31,14 @@ namespace AsbCloudWebApi.Controllers /// id скважины /// id категории файла /// Коллекция файлов + /// dependency /// Токен отмены задачи /// [HttpPost] [Permission] [ProducesResponseType(typeof(int), (int)System.Net.HttpStatusCode.OK)] public async Task SaveFilesAsync(int idWell, int idCategory, - [FromForm] IFormFileCollection files, CancellationToken token = default) + [FromForm] IFormFileCollection files, [FromServices] IUserService userService, CancellationToken token = default) { int? idCompany = User.GetCompanyId(); int? idUser = User.GetUserId(); @@ -49,6 +50,9 @@ namespace AsbCloudWebApi.Controllers idWell, token).ConfigureAwait(false)) return Forbid(); + if(!userService.HasPermission((int)idUser, $"File.edit{idCategory}")) + return Forbid(); + var fileInfoCollection = files.Select(f => new FileInfoDto { Name = f.FileName, @@ -149,20 +153,29 @@ namespace AsbCloudWebApi.Controllers /// /// id скважины /// id запрашиваемого файла + /// dependency /// Токен отмены задачи /// [HttpDelete("{idFile}")] [Permission] [ProducesResponseType(typeof(int), (int)System.Net.HttpStatusCode.OK)] public async Task DeleteAsync(int idWell, int idFile, + [FromServices] IUserService userService, CancellationToken token = default) { + int? idUser = User.GetUserId(); + int? idCompany = User.GetCompanyId(); if (idCompany is null || !await wellService.IsCompanyInvolvedInWellAsync((int)idCompany, idWell, token).ConfigureAwait(false)) return Forbid(); + var file = await fileService.GetInfoAsync((int)idFile,token); + + if (!userService.HasPermission((int)idUser, $"File.edit{file.IdCategory}")) + return Forbid(); + var result = await fileService.MarkAsDeletedAsync(idFile, token); return Ok(result); 
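Review bot: The permission name `$"File.edit{idCategory}"` is assembled inline in `SaveFilesAsync` and again in `DeleteAsync` (hunk at -149), so the naming scheme lives in two string literals that can drift apart; a private helper such as `private static string FileEditPermission(int idCategory) => $"File.edit{idCategory}";` would keep both checks in step. The `(int)idUser` cast relies on `idUser` having been null-checked in the condition that begins above this hunk, which is not visible here; if it is not, the cast throws instead of returning `Forbid()`. Injecting `IUserService` per action with `[FromServices]` also differs from the constructor injection this commit uses in `AuthController`.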
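Review bot: In `DeleteAsync` the added `int? idUser` is never null-checked before `(int)idUser`, and `file` from `GetInfoAsync` is dereferenced without a null check, so a missing user id or an unknown `idFile` ends in an unhandled exception rather than `Forbid()` or `NotFound()`. The file is also looked up by `idFile` alone while the company check uses the route's `idWell`; if the file record carries its well id, comparing the two here would stop a caller involved in one well from deleting a file that belongs to another. The `(int)idFile` cast is redundant, and the new await omits the `ConfigureAwait(false)` used in the check just above it. The method's closing lines fall outside the hunk.

```csharp
// … unchanged: idCompany / IsCompanyInvolvedInWellAsync check …
if (idUser is null)
    return Forbid();

var file = await fileService.GetInfoAsync(idFile, token).ConfigureAwait(false);

if (file is null)
    return NotFound();

// NOTE(review): if the file info exposes its well id, compare it with idWell here.
if (!userService.HasPermission(idUser.Value, $"File.edit{file.IdCategory}"))
    return Forbid();
// … unchanged: MarkAsDeletedAsync call and Ok(result) …
```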
diff --git a/AsbCloudWebApi/Docs/Create permissions.ods b/AsbCloudWebApi/Docs/Create permissions.ods index ec824b8e..9bf04a91 100644 Binary files a/AsbCloudWebApi/Docs/Create permissions.ods and b/AsbCloudWebApi/Docs/Create permissions.ods differ diff --git a/AsbCloudWebApi/wwwroot/asset-manifest.json b/AsbCloudWebApi/wwwroot/asset-manifest.json index 3adca2c8..ab5044e8 100644 --- a/AsbCloudWebApi/wwwroot/asset-manifest.json +++ b/AsbCloudWebApi/wwwroot/asset-manifest.json 
@@ -1,40 +1,46 @@ { "files": { - "main.css": "/static/css/main.dd1fcee2.chunk.css", - "main.js": "/static/js/main.b2e71633.chunk.js", - "main.js.map": "/static/js/main.b2e71633.chunk.js.map", - "runtime-main.js": "/static/js/runtime-main.33aef657.js", - "runtime-main.js.map": "/static/js/runtime-main.33aef657.js.map", - "static/js/2.968888d9.chunk.js": "/static/js/2.968888d9.chunk.js", - "static/js/2.968888d9.chunk.js.map": "/static/js/2.968888d9.chunk.js.map", - "static/js/3.d96a3708.chunk.js": "/static/js/3.d96a3708.chunk.js", - "static/js/3.d96a3708.chunk.js.map": "/static/js/3.d96a3708.chunk.js.map", - "static/js/4.a0d32a2c.chunk.js": "/static/js/4.a0d32a2c.chunk.js", - "static/js/4.a0d32a2c.chunk.js.map": "/static/js/4.a0d32a2c.chunk.js.map", - "static/js/5.8306e86d.chunk.js": "/static/js/5.8306e86d.chunk.js", - "static/js/5.8306e86d.chunk.js.map": "/static/js/5.8306e86d.chunk.js.map", - "static/js/6.642e7ca1.chunk.js": "/static/js/6.642e7ca1.chunk.js", - "static/js/6.642e7ca1.chunk.js.map": "/static/js/6.642e7ca1.chunk.js.map", - "static/js/7.d412fe5e.chunk.js": "/static/js/7.d412fe5e.chunk.js", - "static/js/7.d412fe5e.chunk.js.map": "/static/js/7.d412fe5e.chunk.js.map", - "static/js/8.0292b3ca.chunk.js": "/static/js/8.0292b3ca.chunk.js", - "static/js/8.0292b3ca.chunk.js.map": "/static/js/8.0292b3ca.chunk.js.map", - "static/js/9.35059bd2.chunk.js": "/static/js/9.35059bd2.chunk.js", - "static/js/9.35059bd2.chunk.js.map": "/static/js/9.35059bd2.chunk.js.map", - "static/js/10.de99360f.chunk.js": "/static/js/10.de99360f.chunk.js", - "static/js/10.de99360f.chunk.js.map": "/static/js/10.de99360f.chunk.js.map", - "static/js/11.8f392911.chunk.js": "/static/js/11.8f392911.chunk.js", - "static/js/11.8f392911.chunk.js.map": "/static/js/11.8f392911.chunk.js.map", + "main.css": "/static/css/main.6f0755b9.chunk.css", + "main.js": "/static/js/main.7c7cb383.chunk.js", + "main.js.map": "/static/js/main.7c7cb383.chunk.js.map", + "runtime-main.js": 
"/static/js/runtime-main.b3b46d3d.js", + "runtime-main.js.map": "/static/js/runtime-main.b3b46d3d.js.map", + "static/js/2.bf9b3ba2.chunk.js": "/static/js/2.bf9b3ba2.chunk.js", + "static/js/2.bf9b3ba2.chunk.js.map": "/static/js/2.bf9b3ba2.chunk.js.map", + "static/css/3.03947450.chunk.css": "/static/css/3.03947450.chunk.css", + "static/js/3.d34c16b8.chunk.js": "/static/js/3.d34c16b8.chunk.js", + "static/js/3.d34c16b8.chunk.js.map": "/static/js/3.d34c16b8.chunk.js.map", + "static/js/4.2ad36218.chunk.js": "/static/js/4.2ad36218.chunk.js", + "static/js/4.2ad36218.chunk.js.map": "/static/js/4.2ad36218.chunk.js.map", + "static/js/5.acfe9843.chunk.js": "/static/js/5.acfe9843.chunk.js", + "static/js/5.acfe9843.chunk.js.map": "/static/js/5.acfe9843.chunk.js.map", + "static/js/6.dc92bc85.chunk.js": "/static/js/6.dc92bc85.chunk.js", + "static/js/6.dc92bc85.chunk.js.map": "/static/js/6.dc92bc85.chunk.js.map", + "static/js/7.04ca453e.chunk.js": "/static/js/7.04ca453e.chunk.js", + "static/js/7.04ca453e.chunk.js.map": "/static/js/7.04ca453e.chunk.js.map", + "static/js/8.22b44d11.chunk.js": "/static/js/8.22b44d11.chunk.js", + "static/js/8.22b44d11.chunk.js.map": "/static/js/8.22b44d11.chunk.js.map", + "static/js/9.ce938494.chunk.js": "/static/js/9.ce938494.chunk.js", + "static/js/9.ce938494.chunk.js.map": "/static/js/9.ce938494.chunk.js.map", + "static/js/10.85013738.chunk.js": "/static/js/10.85013738.chunk.js", + "static/js/10.85013738.chunk.js.map": "/static/js/10.85013738.chunk.js.map", + "static/js/11.f78b37df.chunk.js": "/static/js/11.f78b37df.chunk.js", + "static/js/11.f78b37df.chunk.js.map": "/static/js/11.f78b37df.chunk.js.map", + "static/js/12.cb29526d.chunk.js": "/static/js/12.cb29526d.chunk.js", + "static/js/12.cb29526d.chunk.js.map": "/static/js/12.cb29526d.chunk.js.map", + "static/js/13.438f2178.chunk.js": "/static/js/13.438f2178.chunk.js", + "static/js/13.438f2178.chunk.js.map": "/static/js/13.438f2178.chunk.js.map", "index.html": "/index.html", - 
"static/css/main.dd1fcee2.chunk.css.map": "/static/css/main.dd1fcee2.chunk.css.map", - "static/js/2.968888d9.chunk.js.LICENSE.txt": "/static/js/2.968888d9.chunk.js.LICENSE.txt", + "static/css/3.03947450.chunk.css.map": "/static/css/3.03947450.chunk.css.map", + "static/css/main.6f0755b9.chunk.css.map": "/static/css/main.6f0755b9.chunk.css.map", + "static/js/2.bf9b3ba2.chunk.js.LICENSE.txt": "/static/js/2.bf9b3ba2.chunk.js.LICENSE.txt", "static/media/ClusterIcon.a395f860.svg": "/static/media/ClusterIcon.a395f860.svg", "static/media/DepositIcon.6de7c7ae.svg": "/static/media/DepositIcon.6de7c7ae.svg" }, "entrypoints": [ - "static/js/runtime-main.33aef657.js", - "static/js/2.968888d9.chunk.js", - "static/css/main.dd1fcee2.chunk.css", - "static/js/main.b2e71633.chunk.js" + "static/js/runtime-main.b3b46d3d.js", + "static/js/2.bf9b3ba2.chunk.js", + "static/css/main.6f0755b9.chunk.css", + "static/js/main.7c7cb383.chunk.js" ] } \ No newline at end of file diff --git a/AsbCloudWebApi/wwwroot/index.html b/AsbCloudWebApi/wwwroot/index.html index 25fbd8ab..1161009d 100644 --- a/AsbCloudWebApi/wwwroot/index.html +++ b/AsbCloudWebApi/wwwroot/index.html @@ -1 +1 @@ -АСБ Vision
ц \ No newline at end of file +АСБ Vision
\ No newline at end of file