diff --git a/smash/web/migrations/0154_add_permission_to_existing_workers.py b/smash/web/migrations/0154_add_permission_to_existing_workers.py
new file mode 100644
index 0000000000000000000000000000000000000000..76d2ca30d1e461f10b09a110f1b3d66d036dff4f
--- /dev/null
+++ b/smash/web/migrations/0154_add_permission_to_existing_workers.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.5 on 2020-03-19 13:01
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('web', '0153_auto_20200320_0932'),
+    ]
+
+    operations = [
+        migrations.RunSQL("insert into web_workerstudyrole_permissions(workerstudyrole_id, permission_id) "
+                          "select web_workerstudyrole.id, auth_permission.id from web_workerstudyrole,auth_permission "
+                          "where codename='add_subject';"),
+
+    ]
diff --git a/smash/web/templates/subjects/index.html b/smash/web/templates/subjects/index.html
index cfe954bcc1251c81a64dffee7c12a18b62893bda..29a4d2308145826a49e5d49091eb949a3157b524 100644
--- a/smash/web/templates/subjects/index.html
+++ b/smash/web/templates/subjects/index.html
@@ -31,7 +31,7 @@
             padding-left: 2px;
         }
         .visit_row > span > a{
-            color: inherit; 
+            color: inherit;
         }
         .appointment_type_list{
             margin-top: 10px;
@@ -57,7 +57,11 @@
 {% block maincontent %}
 
     <div>
-        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app">
+        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app"
+                {% if not "add_subject" in permissions %}
+           disabled
+                {% endif %}
+        >
             <i class="fa fa-plus"></i>
             Add new subject
         </a>
diff --git a/smash/web/views/subject.py b/smash/web/views/subject.py
index cb8cf69d285f57f1496dd66e092e08bf9365cc1d..ef65d5f486e0aa018a762fa8deb0091a09fdf72a 100644
--- a/smash/web/views/subject.py
+++ b/smash/web/views/subject.py
@@ -4,6 +4,7 @@ import logging
 from django.contrib import messages
 from django.shortcuts import redirect, get_object_or_404
 
+from web.decorators import PermissionDecorator
 from . import wrap_response
 from ..forms import VisitDetailForm, SubjectAddForm, SubjectEditForm, StudySubjectAddForm, StudySubjectEditForm
 from ..models import StudySubject, MailTemplate, Worker, Study, Provenance, Subject
@@ -27,6 +28,7 @@ def subjects(request):
     return subject_list(request, SUBJECT_LIST_GENERIC)
 
 
+@PermissionDecorator('add_subject', 'subject')
 def subject_add(request):
     study = Study.objects.filter(id=GLOBAL_STUDY_ID)[0]
     if request.method == 'POST':