diff --git a/lib/decentralised_book_index/metadata/publisher.ex b/lib/decentralised_book_index/metadata/publisher.ex
index 261fc1d..315faec 100644
--- a/lib/decentralised_book_index/metadata/publisher.ex
+++ b/lib/decentralised_book_index/metadata/publisher.ex
@@ -3,11 +3,34 @@ defmodule DecentralisedBookIndex.Metadata.Publisher do
  otp_app: :decentralised_book_index,
  domain: DecentralisedBookIndex.Metadata,
  data_layer: AshPostgres.DataLayer,
- extensions: [AshJsonApi.Resource]
+ extensions: [AshJsonApi.Resource],
+ authorizers: [Ash.Policy.Authorizer]
 
  require Ash.Query
  alias DecentralisedBookIndex.Metadata
 
+ policies do
+ bypass actor_attribute_equals(:role, :admin) do
+ authorize_if always()
+ end
+
+ policy action_type(:read) do
+ authorize_if always()
+ end
+
+ policy action_type(:create) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:update) do
+ authorize_if actor_attribute_equals(:role, :moderator)
+ end
+
+ policy action_type(:destroy) do
+ authorize_if actor_attribute_equals(:role, :admin)
+ end
+ end
+
  json_api do
  type "publisher"
  end
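Review bot: The `policy action_type(:destroy)` block checks `actor_attribute_equals(:role, :admin)`, which the `bypass` at the top of `policies` has already granted, so for every non-admin actor this check can only fail: it reads like a grant but acts as a deny. Writing it as `forbid_if always()` under a comment such as `# destroy is admin-only; admins are authorized by the bypass above` states the intent directly, and the two identical create and update policies could likely be merged into `policy action_type([:create, :update]) do`. Because this commit turns on `Ash.Policy.Authorizer` for the resource, any existing caller that creates or updates publishers without passing an actor (seeds, background jobs or sync code, none of which is visible in this hunk) would presumably start getting forbidden errors, so those call sites are worth checking along with a test per role. The module body continues outside the hunk.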