diff --git a/orif/timbreuse/Config/Routes.php b/orif/timbreuse/Config/Routes.php index b83db78..24fb6a0 100644 --- a/orif/timbreuse/Config/Routes.php +++ b/orif/timbreuse/Config/Routes.php @@ -89,6 +89,7 @@ }); }); +// User groups $routes->get('user-groups', '\Timbreuse\Controllers\UserGroups::displayByUserId'); $routes->get('user-groups/(:num)', '\Timbreuse\Controllers\UserGroups::displayByUserId/$1'); $routes->get('user-groups/select/(:num)', '\Timbreuse\Controllers\UserGroups::selectGroupsLinkToUser/$1'); diff --git a/orif/timbreuse/Controllers/UserGroups.php b/orif/timbreuse/Controllers/UserGroups.php index 905912d..82c98aa 100644 --- a/orif/timbreuse/Controllers/UserGroups.php +++ b/orif/timbreuse/Controllers/UserGroups.php @@ -17,7 +17,6 @@ class UserGroups extends BaseController { - // todo: manage rights to methods and add link and unlink user from a group // Class properties private UserGroupsModel $userGroupsModel; private UserSyncGroupsModel $userSyncGroupsModel; @@ -41,6 +40,7 @@ public function initController( // Load required helpers helper('form'); + helper('UtilityFunctions'); // Load required models $this->userGroupsModel = new UserGroupsModel(); @@ -59,6 +59,10 @@ public function initController( * @return string */ public function index() : string { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $data['title'] = lang('tim_lang.user_group_list'); $userGroups = $this->userGroupsModel->findAll(); 
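Review bot: The admin guard added to index() returns a RedirectResponse, but the signature is still `public function index() : string {` and the docblock above it still says `@return string`; returning an object from a method declared `: string` raises a TypeError at runtime, so the non-admin path now errors instead of redirecting. Every other method touched by this commit widened its return type, so index() should match: `public function index() : string|RedirectResponse {` with `@return string|RedirectResponse` in the docblock. The body of index() continues outside the hunk.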
@@ -140,19 +144,25 @@ private function formatBreadCrumb(array $group, array $parentGroups) : string { * @param mixed $timUserId * @return string */ - public function displayByUserId(?int $timUserId = null) : string { - helper('UtilityFunctions'); - + public function displayByUserId(?int $timUserId = null) : string|RedirectResponse { if (is_null($timUserId)) { $timUserId = get_tim_user_id(); } + if ($timUserId != get_tim_user_id() && !is_admin()) { + return redirect()->to(base_url('user-groups')); + } + if (is_admin()) { $data['createUrl'] = base_url("user-groups/select/$timUserId"); } $user = $this->userSyncModel->find($timUserId); + if (is_null($user)) { + return redirect()->to($_SESSION['_ci_previous_url']); + } + $data['title'] = lang('tim_lang.title_user_group_of', [ 'firstname' => $user['name'], 'lastname' => $user['surname'] @@ -194,7 +204,11 @@ public function displayByUserId(?int $timUserId = null) : string { * @param int $timUserId * @return string */ - public function selectGroupsLinkToUser(int $timUserId) : string { + public function selectGroupsLinkToUser(int $timUserId) : string|RedirectResponse { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $user = $this->userSyncModel->find($timUserId); $data['title'] = lang('tim_lang.title_add_groups_to', [ 'firstname' => $user['name'], @@ -291,6 +305,10 @@ private function displayHierarchyRecursive(array $array, ?string $parentId = nul * @return string|RedirectResponse */ public function create(int $parentId = null) : string|RedirectResponse { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $parentUserGroup = $this->userGroupsModel->find($parentId); $data = [ 
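Review bot: The new ownership check in displayByUserId() uses loose comparison, `if ($timUserId != get_tim_user_id() && !is_admin())`; the return type of get_tim_user_id() is not visible here, and if it can yield null or a string the loose `!=` changes what the check means, so `!==` against an int is the safer form. The added fallback `return redirect()->to($_SESSION['_ci_previous_url']);` reads the session key directly and fails when it is absent, whereas the framework's `redirect()->back()` performs the same lookup with a fallback. The docblock still reads `@param mixed $timUserId` and `@return string` although the signature is now `?int` and `string|RedirectResponse`. The method continues past the end of the hunk.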
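Review bot: selectGroupsLinkToUser() still dereferences `$user['name']` right after `$user = $this->userSyncModel->find($timUserId);` with no null check, so an unknown id reaches the lang() call with a null user; displayByUserId() in this same commit guards exactly this case, and the same `if (is_null($user)) { return redirect()->to(base_url('user-groups')); }` would fit here between the find() call and the `$data['title']` assignment. The docblock above the method still states `@return string` while the signature is now `string|RedirectResponse`. The rest of the method lies outside the hunk.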
@@ -324,6 +342,10 @@ public function create(int $parentId = null) : string|RedirectResponse { * @return string|RedirectResponse */ public function update(int $id, int $parentId = null) : string|RedirectResponse { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $userGroup = $this->userGroupsModel->find($id); $parentUserGroupId = $parentId ?? $userGroup['fk_parent_user_group_id'] ?? null; @@ -369,6 +391,10 @@ public function update(int $id, int $parentId = null) : string|RedirectResponse * @return string|RedirectResponse */ public function delete(int $id, int $action = 0) : string|RedirectResponse { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $userGroup = $this->userGroupsModel->find($id); if (!$userGroup) { @@ -408,9 +434,13 @@ public function delete(int $id, int $action = 0) : string|RedirectResponse { * Display select user group page * * @param int $id - * @return string + * @return string|RedirectResponse */ - public function selectUserGroup(?int $id = null) : string { + public function selectUserGroup(?int $id = null) : string|RedirectResponse { + if (!is_admin()) { + return redirect()->to(base_url('user-groups')); + } + $filters = $_GET; $data['route'] = $filters['path']; diff --git a/orif/timbreuse/Views/userGroups/list.php b/orif/timbreuse/Views/userGroups/list.php index 770d89e..5b6ce66 100644 --- a/orif/timbreuse/Views/userGroups/list.php +++ b/orif/timbreuse/Views/userGroups/list.php @@ -20,8 +20,7 @@ - ': '') . $userGroup['name'] ?> +
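Review bot: The three-line `if (!is_admin()) { return redirect()->to(base_url('user-groups')); }` guard at the top of update() is pasted verbatim into delete() and selectUserGroup() in this file (and into index(), displayByUserId(), selectGroupsLinkToUser() and create() earlier in the diff), which makes the authorization policy easy to drift when one copy is edited. A single enforcement point would be clearer: either a route filter applied to the `user-groups` routes in Config/Routes.php, or a private helper such as `private function denyUnlessAdmin() : ?RedirectResponse` called once per action. Note also that the silent redirect on a refused update/delete gives the user no indication why the action was dropped; a flash message or a 403 response would make a refused request observable in logs. The bodies of update(), delete() and selectUserGroup() continue outside their hunks.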