diff --git a/backend/apiRouter.php b/backend/apiRouter.php
index 6148cd6..9df8978 100644
--- a/backend/apiRouter.php
+++ b/backend/apiRouter.php
@@ -48,7 +48,11 @@ function apiRouter (FastRoute\RouteCollector $r) {
 global $db, $users;
 requireLogin() || accessDenied();
 $users->online_time_update();
- $response = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");
+ if($users->hasRole(Role::FULL_VIEWER)) {
+ $response = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");
+ } else {
+ $response = $db->select("SELECT `id`, `chief`, `online_time`, `available`, `name` FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");
+ }
 apiResponse(
 !is_null($response) ? $response : []
 );
@@ -126,6 +130,9 @@ function apiRouter (FastRoute\RouteCollector $r) {
 function ($vars) {
 global $users;
 requireLogin() || accessDenied();
+ if(!$users->hasRole(Role::FULL_VIEWER) && $_POST["id"] !== $users->auth->getUserId()){
+ exit;
+ }
 apiResponse(["userId" => $users->add_user($_POST["email"], $_POST["name"], $_POST["username"], $_POST["password"], $_POST["phone_number"], $_POST["birthday"], $_POST["chief"], $_POST["driver"], $_POST["hidden"], $_POST["disabled"], "unknown")]);
 }
 );
@@ -135,6 +142,9 @@ function apiRouter (FastRoute\RouteCollector $r) {
 function ($vars) {
 global $users;
 requireLogin() || accessDenied();
+ if(!$users->hasRole(Role::FULL_VIEWER) && $_POST["id"] !== $users->auth->getUserId()){
+ exit;
+ }
 apiResponse($users->get_user($vars["userId"]));
 }
 );
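Review bot: The two branches at the top of the first hunk duplicate the whole SELECT and differ only in the column list, so the two ORDER BY clauses will drift apart on the next edit; pick the column list by role and run one query, ``$columns = $users->hasRole(Role::FULL_VIEWER) ? "*" : "`id`, `chief`, `online_time`, `available`, `name`";`` followed by ``$response = $db->select("SELECT ".$columns." FROM `".DB_PREFIX."_profiles` ORDER BY available DESC, chief DESC, services ASC, availability_minutes ASC, name ASC");``. Both column strings are fixed literals, so the query stays free of request input. The reduced list is the only thing that limits what callers without the role can read, so it deserves a comment naming that purpose, e.g. `// columns exposed to callers without Role::FULL_VIEWER; keep this list minimal`. The handler's opening lines are outside the hunk.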
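Review bot: The guard added before add_user compares `$_POST["id"]` with the caller's id, but nothing in this handler reads `$_POST["id"]`: add_user builds a new row from the other POST fields, so the check keys on a value the request has no reason to carry, and the identical guard in the get_user hunk below (`@@ -135`) and the remove_user hunk (`@@ -144`) ignores the record actually addressed, which is `$vars["userId"]`. For add_user the intent reads as FULL_VIEWER-only, i.e. `if(!$users->hasRole(Role::FULL_VIEWER)) accessDenied();`; for get_user and remove_user the comparison belongs on the route parameter, `if(!$users->hasRole(Role::FULL_VIEWER) && (int)$vars["userId"] !== $users->auth->getUserId()) accessDenied();`. The cast matters because POST and route values arrive as strings while getUserId() presumably returns an int, so the strict `!==` as written is never satisfied by a request for the caller's own record. A bare `exit;` also ends the request with an empty 200 body, whereas the line above already uses accessDenied() for the same situation, and reusing it keeps the failure mode consistent. The route registrations start and end outside the hunks.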
@@ -144,6 +154,9 @@ function apiRouter (FastRoute\RouteCollector $r) {
 function ($vars) {
 global $users;
 requireLogin() || accessDenied();
+ if(!$users->hasRole(Role::FULL_VIEWER) && $_POST["id"] !== $users->auth->getUserId()){
+ exit;
+ }
 $users->remove_user($vars["userId"], "unknown");
 apiResponse(["status" => "success"]);
 }
@@ -171,7 +184,10 @@ function apiRouter (FastRoute\RouteCollector $r) {
 global $users, $db;
 requireLogin() || accessDenied();
 $users->online_time_update();
- logger("Disponibilità cambiata in ".($_POST["available"] ? '"disponibile"' : '"non disponibile"'), is_numeric($_POST["id"]) ? $_POST["id"] : $users->auth->getUserId());
+ if(!$users->hasRole(Role::FULL_VIEWER) && $_POST["id"] !== $users->auth->getUserId()){
+ exit;
+ }
+ logger("Disponibilità cambiata in ".($_POST["available"] ? '"disponibile"' : '"non disponibile"'), is_numeric($_POST["id"]) ? $_POST["id"] : $users->auth->getUserId(), $users->auth->getUserId());
 apiResponse([
 "response" => $db->update(
 DB_PREFIX.'_profiles',
diff --git a/backend/composer.lock b/backend/composer.lock
index db82e07..6b86ede 100644
--- a/backend/composer.lock
+++ b/backend/composer.lock
@@ -207,12 +207,12 @@
 "source": {
 "type": "git",
 "url": "https://github.com/allerta-vvf/PHP-Auth-JWT",
- "reference": "ddb3236ae79fcd0e706d108332dbad9dcdffc2c6"
+ "reference": "3ea0aa3d7e74528c57932872bbda339e995a9d9a"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/allerta-vvf/PHP-Auth-JWT/zipball/ddb3236ae79fcd0e706d108332dbad9dcdffc2c6",
- "reference": "ddb3236ae79fcd0e706d108332dbad9dcdffc2c6",
+ "url": "https://api.github.com/repos/allerta-vvf/PHP-Auth-JWT/zipball/3ea0aa3d7e74528c57932872bbda339e995a9d9a",
+ "reference": "3ea0aa3d7e74528c57932872bbda339e995a9d9a",
 "shasum": ""
 },
 "require": {
@@ -240,7 +240,7 @@
 "login",
 "security"
 ],
- "time": "2021-12-24T14:07:13+00:00"
+ "time": "2021-12-27T18:35:45+00:00"
 },
 {
 "name": "delight-im/base64",
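Review bot: The guard added above the logger call in the `@@ -171` hunk blocks the self-update path this handler supports: the next line treats `$_POST["id"]` as optional (`is_numeric($_POST["id"]) ? $_POST["id"] : $users->auth->getUserId()`), yet a request that omits id now evaluates `null !== getUserId()` and exits for anyone without Role::FULL_VIEWER, and when id is present it is a string, so the strict comparison against the id from getUserId() (presumably an int) never matches either. Resolve the target once and reuse it: `$target = is_numeric($_POST["id"] ?? null) ? (int)$_POST["id"] : $users->auth->getUserId();` then `if(!$users->hasRole(Role::FULL_VIEWER) && $target !== $users->auth->getUserId()) accessDenied();`, and pass `$target` as the logger's second argument. accessDenied() is what the line above already uses, so it is the consistent way out instead of a bare `exit;`. The third argument newly passed to logger() cannot be checked from here because logger's signature is not in the diff. The `$db->update` call that applies the change continues past the end of the hunk.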
@@ -3263,5 +3263,5 @@ "prefer-lowest": false, "platform": [], "platform-dev": [], - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.1.0" } diff --git a/backend/utils.php b/backend/utils.php index 604833b..65fecac 100644 --- a/backend/utils.php +++ b/backend/utils.php @@ -155,21 +155,31 @@ class Users public function loginAndReturnToken($username, $password) { $this->auth->loginWithUsername($username, $password); - $token = $this->auth->generateJWTtoken(); + $token = $this->auth->generateJWTtoken([ + "chief" => $this->auth->hasRole(Role::FULL_VIEWER), + "name" => $this->getName(), + ]); return $token; } - public function isHidden($id) + public function isHidden($id=null) { + if(is_null($id)) $id = $this->auth->getUserId(); $user = $this->db->selectRow("SELECT * FROM `".DB_PREFIX."_profiles` WHERE `id` = ?", [$id]); return $user["hidden"]; } - public function getName($id) + public function getName($id=null) { + if(is_null($id)) $id = $this->auth->getUserId(); $user = $this->db->selectRow("SELECT * FROM `".DB_PREFIX."_profiles` WHERE `id` = ?", [$id]); return $user["name"]; } + + public function hasRole($role, $adminGranted=true) + { + return $this->auth->hasRole($role) || $adminGranted && $role !== Role::DEVELOPER && $this->auth->hasRole(Role::ADMIN) || $role !== Role::DEVELOPER && $this->auth->hasRole(Role::SUPER_ADMIN); + } } class Services { diff --git a/frontend/src/app/_components/table/table.component.html b/frontend/src/app/_components/table/table.component.html index 4a06102..8b9f7ee 100644 --- a/frontend/src/app/_components/table/table.component.html +++ b/frontend/src/app/_components/table/table.component.html @@ -4,11 +4,13 @@ Nome Disponibile + Autista Chiama Scrivi Interventi Minuti disponibilità + @@ -19,10 +21,11 @@ {{ row.name }} {{ row.name }} - + + driver @@ -34,6 +37,7 @@ {{ row.services }} {{ row.availability_minutes }} + 
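Review bot: The `"chief"` claim written into the JWT in loginAndReturnToken uses `$this->auth->hasRole(Role::FULL_VIEWER)`, the library check, while the backend gates added in apiRouter.php use the new `Users::hasRole`, which also grants Role::ADMIN and Role::SUPER_ADMIN; an admin therefore gets a token whose chief flag is false while the API admits them, and a frontend that keys on that flag hides controls the admin is allowed to use. Use the wrapper for the claim so both sides agree: `"chief" => $this->hasRole(Role::FULL_VIEWER),`. In hasRole itself the mix of `||` and `&&` without parentheses works only because `&&` binds tighter; writing it as `return $this->auth->hasRole($role) || ($adminGranted && $role !== Role::DEVELOPER && $this->auth->hasRole(Role::ADMIN)) || ($role !== Role::DEVELOPER && $this->auth->hasRole(Role::SUPER_ADMIN));` makes the grouping explicit and exposes that the SUPER_ADMIN branch ignores `$adminGranted`, which looks unintended if the flag is meant to switch all elevated grants off. A short docblock stating that `$adminGranted` lets ADMIN satisfy any role except DEVELOPER, and that SUPER_ADMIN is accepted the same way regardless of the flag, would make that contract legible to callers. The `Users` class continues outside the hunk.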
diff --git a/frontend/src/app/_components/table/table.component.ts b/frontend/src/app/_components/table/table.component.ts index 3045b91..504ec6f 100644 --- a/frontend/src/app/_components/table/table.component.ts +++ b/frontend/src/app/_components/table/table.component.ts @@ -1,6 +1,7 @@ import { Component, OnInit, Input, Output, EventEmitter } from '@angular/core'; import { TableType } from 'src/app/_models/TableType'; import { ApiClientService } from 'src/app/_services/api-client.service'; +import { AuthService } from '../../_services/auth.service'; @Component({ selector: 'app-table', @@ -15,7 +16,7 @@ export class TableComponent implements OnInit { public data: any = []; - constructor(public apiClient: ApiClientService) {} + constructor(public apiClient: ApiClientService, public auth: AuthService) {} getTime() { return Math.floor(Date.now() / 1000); @@ -36,4 +37,9 @@ export class TableComponent implements OnInit { this.loadTableData(); } + onChangeAvailability(user: number, newState: 0|1) { + if(this.auth.profile.chief) { + this.changeAvailability.emit({user, newState}); + } + } }
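Review bot: In the last hunk `onChangeAvailability` dereferences `this.auth.profile.chief` without a null check; if `profile` is unset until the auth service has decoded the token, a click before that throws instead of being ignored, so `if (this.auth.profile?.chief)` is the safer form — confirm against AuthService, which is not in this diff. This condition only decides whether the component emits; the authoritative check is the Role::FULL_VIEWER test in apiRouter.php, which is worth stating so nobody later treats this method as the permission check: `// UI-only gate: the API enforces the role server-side`. `changeAvailability` is presumably the `@Output` declared above the hunk, and the class body continues outside it.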