diff --git a/app/controllers/complaints_controller.rb b/app/controllers/complaints_controller.rb
index ac99a7f9c9a0d79d4d7acf09cb46250fb26b1f17..c83724f235e47114724a38f375de20f7dda1fd5a 100644
--- a/app/controllers/complaints_controller.rb
+++ b/app/controllers/complaints_controller.rb
@@ -1,4 +1,7 @@
 class ComplaintsController < ApplicationController
+  include Pundit
+
+  before_action :authorize_action
   before_action :authenticate_user!
 
   def create
@@ -20,4 +23,10 @@ class ComplaintsController < ApplicationController
   def complaint_params
     params.require(:complaint).permit(:complaintable_id, :complaintable_type, :complaint_reason_id, :description)
   end
+
+  def authorize_action
+    @complaint ||= Complaint.new(complaint_params)
+    authorize @complaint
+  end
+
 end
diff --git a/app/controllers/institutions_controller.rb b/app/controllers/institutions_controller.rb
index 645cc37c083958f49dd1f59676bd07435bb5e977..0496cd655fae13d66302beda0fa3784c0a689ff5 100644
--- a/app/controllers/institutions_controller.rb
+++ b/app/controllers/institutions_controller.rb
@@ -1,5 +1,8 @@
 class InstitutionsController < ApplicationController
+  include Pundit
+
   before_action :set_institution, only: [:show, :edit, :update, :destroy, :like, :users]
+  before_action :authorize_action
 
   # GET /institutions
   # GET /institutions.json
@@ -72,4 +75,9 @@ class InstitutionsController < ApplicationController
     params[:institution_object]
   end
 
+  def authorize_action
+    @institution ||= Institution.new
+    authorize @institution
+  end
+
 end
diff --git a/app/controllers/reviews_controller.rb b/app/controllers/reviews_controller.rb
index 35145a8a21e0cbd91d8ff71da5a0c35da017b9ef..1782a404fcdce9b6edc82ff3c932a9f72e041709 100644
--- a/app/controllers/reviews_controller.rb
+++ b/app/controllers/reviews_controller.rb
@@ -1,6 +1,10 @@
 class ReviewsController < ApplicationController
+  include Pundit
+
   before_action :authenticate_user!, except: [:show, :list]
   before_action :set_review, only: [:show, :destroy]
+  before_action :authorize_action
+
 
   def list
     if !params[:learning_object_id].blank?
@@ -81,4 +85,10 @@ class ReviewsController < ApplicationController
     when 'false' then false
     end
   end
+
+  def authorize_action
+    @review||= Review.new
+    authorize @review
+  end
+
 end
diff --git a/app/policies/collection_policy.rb b/app/policies/collection_policy.rb
index c498afe1582937472e2b1a43e23655a44ed37339..ecb2a4833b0bb580d17a71c8bba4999cf52895ac 100644
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -35,5 +35,4 @@ class CollectionPolicy < ApplicationPolicy
   def owner
     record.owner
   end
-
 end
diff --git a/app/policies/complaint_policy.rb b/app/policies/complaint_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..81482c381ac10093952d269eee752d740200316e
--- /dev/null
+++ b/app/policies/complaint_policy.rb
@@ -0,0 +1,6 @@
+class ComplaintPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+end
diff --git a/app/policies/institution_policy.rb b/app/policies/institution_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..cac5c618de79be31c3631ff9d04e1321e1f5cd66
--- /dev/null
+++ b/app/policies/institution_policy.rb
@@ -0,0 +1,19 @@
+class InstitutionPolicy < ApplicationPolicy
+
+  def create?
+    record if user.is_admin?
+  end
+
+  def update?
+    record if user.is_admin?
+  end
+
+  def index?
+    record if user.is_admin?
+  end
+
+  def destroy?
+    record if user.is_admin?
+  end
+
+end
diff --git a/app/policies/review_policy.rb b/app/policies/review_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..1ddb5e9c62a5eef942d26408b87edbdcc5547d8a
--- /dev/null
+++ b/app/policies/review_policy.rb
@@ -0,0 +1,22 @@
+class ReviewPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+
+  def update?
+    record if owns?
+  end
+
+  def destroy?
+    record if owns?
+  end
+
+  def rate?
+    record if user_exists?
+  end
+
+  def owner
+    record.users
+  end
+end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..5fc8e5841ac35d03b0d0324b9574f0065f97e0e3
--- /dev/null
+++ b/app/policies/user_policy.rb
@@ -0,0 +1,17 @@
+class UserPolicy < ApplicationPolicy
+  def show?
+    record if user_exists?
+  end
+
+  def list?
+    record
+  end
+
+  def follow?
+    record if user_exists?
+  end
+
+  def unfollow?
+    record if user_exists?
+  end
+end