diff --git a/controllers/storeSecrets.go b/controllers/storeSecrets.go
index e0a5c98..9426710 100644
--- a/controllers/storeSecrets.go
+++ b/controllers/storeSecrets.go
@@ -294,6 +294,14 @@ func UpdateSecret(c *gin.Context) {
 		// Update secret
 		//log.Printf("secretList[0]: %v\n", secretList[0])
 
+		// Check for readonly access
+		if secretList[0].Permission.ReadOnly {
+			errString := "read-only access unable to update secret"
+			log.Printf("UpdateSecret %s\n", errString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+			return
+		}
+
 		s.SecretId = secretList[0].SecretId
 
 		// check for empty fields in the update request and update from the existing record
@@ -373,6 +381,14 @@ func DeleteSecret(c *gin.Context) {
 		// Delete secret
 		log.Printf("secretList[0]: %v\n", secretList[0])
 
+		// Check for readonly access
+		if secretList[0].Permission.ReadOnly {
+			errString := "read-only access unable to delete secret"
+			log.Printf("DeleteSecret %s\n", errString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+			return
+		}
+
 		s.SecretId = secretList[0].SecretId
 
 		// check for empty fields in the update request and update from the existing record