diff --git a/api/main.go b/api/main.go
index fb0e7da..0d9f3b6 100644
--- a/api/main.go
+++ b/api/main.go
@@ -37,7 +37,7 @@ func Start() {
 r.GET("/mfa", HandleGetMFAFlow)
 r.POST("/mfa", HandlePostMFAFlow)
- r.GET("/rbac", HandleRbac)
+ r.GET("/rbac", middleware.CheckIfAllowed, HandleRbac)
 r.POST("/create-identity", c.CreateIdentity)
 r.GET("/get-identity", c.GetIdentity)
diff --git a/go.sum b/go.sum
index a639205..24dc842 100644
--- a/go.sum
+++ b/go.sum
@@ -159,6 +159,8 @@ github.com/ory/client-go v0.2.0-alpha.60 h1:sMAqrKP5eUNYyyOYbSjDTwr8EucDxYLGrQC0
 github.com/ory/client-go v0.2.0-alpha.60/go.mod h1:dWbi9DBEjiDXwyuJ1+A2WT1/bIp9HwvVxZxzHzp4YHU=
 github.com/ory/client-go v1.4.6 h1:tW9najNBiWwC3KgU2tq2kCZ1zRCDCNao60a9M1/V71k=
 github.com/ory/client-go v1.4.6/go.mod h1:DfrTIlME7tgrdgpn4UN07s4OJ1SwzHfrkz+C6C0Lbm0=
+github.com/ory/client-go v1.4.7 h1:uWPGGM5zVwpSBfcDIhvA6D+bu2YB7zF4STtpAvzkOco=
+github.com/ory/client-go v1.4.7/go.mod h1:DfrTIlME7tgrdgpn4UN07s4OJ1SwzHfrkz+C6C0Lbm0=
 github.com/ory/keto/proto v0.11.1-alpha.0 h1:xVpFRnnIAGGvP9lYIUwjSWmrO7qVoLn20bT6NxzYQy4=
 github.com/ory/keto/proto v0.11.1-alpha.0/go.mod h1:M9J/kybmyLKRmvvSqYzmRVYx2avY3yDMdUPinsck1q0=
 github.com/ory/keto/proto/ory/keto/acl/v1alpha1 v0.0.0-20210616104402-80e043246cf9 h1:gP86NkMkUlqMOTjFQ8lt8T1HbHtCJGGeeeh/6c+nla0=
diff --git a/pkg/middleware/keto_rolecheck.go b/pkg/middleware/keto_rolecheck.go
new file mode 100644
index 0000000..160ca7a
--- /dev/null
+++ b/pkg/middleware/keto_rolecheck.go
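Review bot: The permission middleware is attached only to `/rbac`; the identity routes on the next two lines (`/create-identity`, `/get-identity`) are still registered without it, and nothing in this hunk shows another guard on them. If they are meant to be reachable without a session-and-role check, a short comment saying so would stop a future reader from treating it as an omission; if they are meant to be protected, register `middleware.CheckIfAllowed` on them as well. The hunk does not show the `middleware` import being added to api/main.go, so confirm it is already imported. Start's body continues outside the hunk.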
@@ -0,0 +1,47 @@
+package middleware
+
+import (
+ "github.com/gin-gonic/gin"
+ "github.com/sdslabs/nymeria/log"
+ "github.com/sdslabs/nymeria/pkg/wrapper/keto"
+)
+
+func CheckIfAllowed(c *gin.Context) {
+ session, err := GetSession(c)
+ if err != nil {
+ log.ErrorLogger("Couldn't retrieve session: ", err)
+ c.Abort()
+ return
+ }
+ identity := session.GetIdentity()
+ traits := identity.GetTraits()
+ role := traits.(map[string]interface{})["role"]
+
+ requestedRoute := c.Request.URL.String()
+
+ data := map[string]interface{}{
+ "namespace": "accounts",
+ "object": requestedRoute,
+ "relation": "view",
+ "subject_id": role,
+ }
+
+ response, err := keto.MakeRequest(keto.CheckPermissionEndpoint, data)
+ if err != nil {
+ log.ErrorLogger("Error in making request to keto", err)
+ c.Abort()
+ return
+ }
+
+ if response["allowed"] == true {
+ c.Next()
+ return
+ } else {
+ c.JSON(403, gin.H{
+ "error": "Forbidden",
+ "message": "You don't have permission to access this resource.",
+ })
+ c.Abort()
+ return
+ }
+}
diff --git a/pkg/wrapper/keto/endpoints.go b/pkg/wrapper/keto/endpoints.go
index 02d70bf..99e24b2 100644
--- a/pkg/wrapper/keto/endpoints.go
+++ b/pkg/wrapper/keto/endpoints.go
@@ -19,4 +19,9 @@ var (
 URL: config.KetoWriteURL + "/admin/relation-tuples",
 Method: http.MethodDelete,
 }
+
+ CheckPermissionEndpoint = Endpoint{
+ URL: config.KetoReadURL + "/relation-tuples/check",
+ Method: http.MethodPost,
+ }
 )
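Review bot: Both early-exit paths in `CheckIfAllowed` call `c.Abort()` without writing a status, so a failed `GetSession` or an unreachable Keto ends the request with gin's default 200 and an empty body rather than a 401/503, and `traits.(map[string]interface{})["role"]` is an unchecked assertion that panics when the traits are not a JSON object and silently sends `"subject_id": null` when the key is absent. `c.Request.URL.String()` also carries the query string into the Keto `object`, so `/rbac?x=1` is checked against a different object than `/rbac`; `c.FullPath()` returns the matched route pattern, which is what the relation tuples are presumably written against. Since `subject_id` is the role trait rather than the identity ID, the check is only as strong as whatever prevents a user from editing their own `role` trait — confirm that trait is not self-service-editable in the identity schema. The exported function also needs a doc comment; the rewrite below uses `AbortWithStatusJSON` on every deny path and asserts the types before use.
```go
// CheckIfAllowed is a gin middleware that asks Keto whether the caller's
// role may "view" the matched route and aborts the request otherwise.
func CheckIfAllowed(c *gin.Context) {
	session, err := GetSession(c)
	if err != nil {
		log.ErrorLogger("Couldn't retrieve session: ", err)
		c.AbortWithStatusJSON(401, gin.H{"error": "Unauthorized"})
		return
	}
	// Traits arrive as untyped JSON from the identity store; check the shape before use.
	traits, ok := session.GetIdentity().GetTraits().(map[string]interface{})
	if !ok {
		c.AbortWithStatusJSON(403, gin.H{"error": "Forbidden"})
		return
	}
	role, ok := traits["role"].(string)
	if !ok || role == "" {
		c.AbortWithStatusJSON(403, gin.H{"error": "Forbidden"})
		return
	}

	data := map[string]interface{}{
		"namespace":  "accounts",
		"object":     c.FullPath(), // matched route pattern, not path+query
		"relation":   "view",
		"subject_id": role,
	}

	response, err := keto.MakeRequest(keto.CheckPermissionEndpoint, data)
	if err != nil {
		log.ErrorLogger("Error in making request to keto", err)
		c.AbortWithStatusJSON(503, gin.H{"error": "Authorization check unavailable"})
		return
	}

	// Only an explicit boolean true grants access; anything else is a deny.
	if allowed, _ := response["allowed"].(bool); !allowed {
		c.AbortWithStatusJSON(403, gin.H{
			"error":   "Forbidden",
			"message": "You don't have permission to access this resource.",
		})
		return
	}
	c.Next()
}
```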
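Review bot: `CheckPermissionEndpoint` is exported but carries no doc comment; the sibling endpoints in this var block (which opens outside the hunk) do not show one either, but a line such as `// CheckPermissionEndpoint is Keto's read-side permission check (POST /relation-tuples/check).` would tell a reader which Keto API it targets and that it goes through the read URL rather than the admin write URL. The URL is built by plain concatenation, so a `config.KetoReadURL` with a trailing slash would yield `//relation-tuples/check`; if the config value is not normalised where it is loaded, trimming the trailing slash there is cheap insurance.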