diff --git a/app/controllers/v1/languages_controller.rb b/app/controllers/v1/languages_controller.rb
index ce098797e3cdc5f9f6def8dfa12cb43889f53705..ebd2e3fc249442642dd8f5d01996398f22fba865 100644
--- a/app/controllers/v1/languages_controller.rb
+++ b/app/controllers/v1/languages_controller.rb
@@ -22,6 +22,7 @@ class V1::LanguagesController < ApplicationController
 
   before_action :authenticate_user!, except: [:index, :show]
   before_action :set_language, only: [:show, :update, :destroy]
+  before_action :authorize!, only: [:update, :destroy]
 
   # GET /languages
   # GET /languages.json
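Review bot: Authorization in this controller is opt-in per action: `authorize!` is listed for update and destroy and `create` calls `authorize` inline, but nothing fails if an action added later forgets the check. Assuming this is Pundit (the `authorize` / `ApplicationPolicy` pattern suggests it), add `after_action :verify_authorized, except: [:index, :show]` so a missing check raises instead of silently allowing the request. The same applies to V1::ScoresController. The class body continues outside the hunk.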
@@ -40,6 +41,7 @@ class V1::LanguagesController < ApplicationController
   # POST /languages.json
   def create
     @language = Language.new(language_params)
+    authorize @language
 
     if @language.save
       render json: @language, status: :created
@@ -77,4 +79,9 @@ class V1::LanguagesController < ApplicationController
   def language_params
     params.require(:language).permit(:name, :code)
   end
+
+  def authorize!
+    authorize @language
+  end
+
 end
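Review bot: `authorize!` is added after `language_params`, and the hunk does not show whether a `private` keyword precedes it. If it does not, the callback is a public action method on the controller, so confirm it sits under `private`. The name is also one character away from Pundit's `authorize` and identical to CanCan's `authorize!` helper, which makes the call sites easy to misread. Something like `authorize_language`, with the comment `# Runs the policy check for the record loaded by set_language.`, would be clearer. The same applies to the `authorize!` added to V1::ScoresController.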
diff --git a/app/controllers/v1/scores_controller.rb b/app/controllers/v1/scores_controller.rb
index 578d2d5024feb88dde0752178c1c273763f768f2..cbe8ff4001672ffd4758875d2dc8a4471b95b658 100644
--- a/app/controllers/v1/scores_controller.rb
+++ b/app/controllers/v1/scores_controller.rb
@@ -20,8 +20,9 @@
 class V1::ScoresController < ApplicationController
   include ::Paginator
 
-  before_action :set_score, only: [:show,:update]
   before_action :authenticate_user!, only: [:update]
+  before_action :set_score, only: [:show, :update]
+  before_action :authorize!, only: [:update]
 
   # GET v1/scores
   # GET v1/scores.json
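Review bot: Authentication here is an allow-list, `before_action :authenticate_user!, only: [:update]`, so any action added to this controller later is unauthenticated by default. V1::LanguagesController uses the fail-closed form, and this one should match it: `before_action :authenticate_user!, except: [:index, :show]`. Running `authenticate_user!` before `set_score` is the right order, since unauthenticated callers are rejected before any record lookup.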
@@ -41,7 +42,7 @@ class V1::ScoresController < ApplicationController
   # PUT/PATCH /v1/scores/1.json
   def update
     if @score.update(score_params)
-      render json: @score, status: :ok
+      render json: @score, status: :ok, :notice => "Score updated."
     else
       render json: @score.errors, status: :unprocessable_entity
     end
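Review bot: The `:notice => "Score updated."` option on `render json:` appears to have no effect. `notice` is a flash shortcut for `redirect_to`, not a `render` option, so API clients will not see the message. Either drop it, `render json: @score, status: :ok`, or put the message in the JSON body if clients need it. The line also mixes hash-rocket and keyword syntax. The closing `end` of `update` is outside the hunk.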
@@ -57,4 +58,8 @@ class V1::ScoresController < ApplicationController
     params.require(:score).permit(:name, :weight, :active, score_type: [])
   end
 
+  def authorize!
+    authorize @score
+  end
+
 end
diff --git a/app/policies/score_policy.rb b/app/policies/score_policy.rb
new file mode 100644
index 0000000000000000000000000000000000000000..8f837df38cd5393de7e9f34ae5b126a59969b2ef
--- /dev/null
+++ b/app/policies/score_policy.rb
@@ -0,0 +1,40 @@
+
+# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana
+#
+# This file is part of portalmec.
+#
+# portalmec is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# portalmec is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
+
+class ScorePolicy < ApplicationPolicy
+  def index?
+    record
+  end
+
+  def show?
+    record
+  end
+
+  def create?
+    record if user.is_admin?
+  end
+
+  def update?
+    record if user.is_admin?
+  end
+
+  def destroy?
+    record if user.is_admin?
+  end
+end
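Review bot: `create?`, `update?` and `destroy?` call `user.is_admin?` with no nil guard, so a caller that reaches the policy without a signed-in user gets a NoMethodError instead of a denial. Today only `update` is wired up and it runs after `authenticate_user!`, but the policy should not rely on that. The predicates also return `record` or `nil` rather than a boolean, which leaks the record to anything that uses the return value. Suggest one private helper, `def admin?; user.present? && user.is_admin?; end`, returned by the three write predicates, with `index?` and `show?` returning `true` if public read is the intent. A class comment such as `# Anyone may read scores; only admins may create, update or destroy them.` would document the rule.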