diff --git a/common/utilities.go b/common/utilities.go
index 18c790d..931a663 100644
--- a/common/utilities.go
+++ b/common/utilities.go
@@ -27,7 +27,6 @@ func ProvideErrorResponse(c *gin.Context, err error) bool {
 return false // No error
 }
-
 func GetSimulationID(c *gin.Context) (int, error) {
 simID, err := strconv.Atoi(c.Param("simulationID"))
@@ -90,4 +89,20 @@ func GetWidgetID(c *gin.Context) (int, error) {
 return widgetID, err
 }
-}
\ No newline at end of file
+}
+
+func IsActionAllowed(c *gin.Context, model string, action string) error {
+
+ // Get user's role from context
+ role, exists := c.Get("user_role")
+ if !exists {
+ return fmt.Errorf("Request does not contain user's role")
+ }
+
+ // Check if the role can execute the action on the model
+ if !Roles[role.(string)][model][action] {
+ return fmt.Errorf("Action not allowed for role %v", role)
+ }
+
+ return nil
+}
diff --git a/routes/user/userEndpoints.go b/routes/user/userEndpoints.go
index 64ff1dc..015f02d 100644
--- a/routes/user/userEndpoints.go
+++ b/routes/user/userEndpoints.go
@@ -274,11 +274,17 @@ func getUser(c *gin.Context) {
 // @Router /users/{userID} [delete]
 func deleteUser(c *gin.Context) {
+ err := common.IsActionAllowed(c, "user", "delete")
+ if err != nil {
+ c.JSON(http.StatusUnprocessableEntity, fmt.Sprintf("%v", err))
+ return
+ }
+
 var user User
 id, _ := strconv.ParseInt(c.Param("UserID"), 10, 64)
 // Check that the user exist
- err := user.byID(uint(id))
+ err = user.byID(uint(id))
 if err != nil {
 c.JSON(http.StatusNotFound, fmt.Sprintf("%v", err))
 return
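Review bot: `role.(string)` in IsActionAllowed is an unchecked type assertion; if whatever middleware stores `user_role` ever sets a non-string value, the authorization check panics instead of denying and the outcome depends on gin's recovery behaviour rather than on this function. Use the two-value form and fail closed: `roleStr, ok := role.(string)` / `if !ok { return fmt.Errorf("user role has unexpected type %T", role) }` / `if !Roles[roleStr][model][action] {`. The lookup itself already fails closed for unknown roles, models and actions, since reading a missing key of a nil map yields false — worth a one-line comment such as `// Missing role/model/action entries read as false, so unknown combinations are denied.` so nobody later "fixes" it with an existence check that defaults to allow. Go error strings are conventionally lowercase, and returning distinct sentinel errors for "no role in context" versus "action denied" would let handlers map them to 401 and 403 instead of one status. The Roles table is not part of this diff, so its shape is only inferred from the indexing.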
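Review bot: The added guard in deleteUser answers an authorization failure with 422 Unprocessable Entity, which signals a malformed request body rather than a denied action, so clients and any proxy or gateway in front of the service will not treat it as a permission problem. Replace the response line with `c.JSON(http.StatusForbidden, fmt.Sprintf("%v", err))`, and use 401 for the case where IsActionAllowed reports that no role is present in the context, if the two cases become distinguishable. Running the check before the ID is parsed and the user is looked up is the right order, since an unauthorized caller learns nothing about whether the target exists. The same status choice presumably applies wherever else IsActionAllowed is wired into handlers. deleteUser continues past the end of the hunk.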