diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index bc00616..4b1ff16 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -10,6 +10,12 @@ $logging = TRUE;
 $allowclearlogs = TRUE;  # Allow clearing of log entries
 $allowrotatelogs = FALSE;# Allow rotation to text file on server
 
+$restrictediting = TRUE; # Restrict editing of record types
+$restrictedtypes = array( 
+    'SOA' => 1,
+    'NS' => 1
+);
+
 # Log directory - if allowrotatelogs is set, this is where the logs will
 # be written. It must be writeable by the web server user.
 $logsdirectory = "../etc";
diff --git a/index.php b/index.php
index 31f328f..593ce29 100644
--- a/index.php
+++ b/index.php
@@ -796,6 +796,75 @@ $(document).ready(function () {
                 inputClass: 'serial',
                 listClass: 'serial'
             },
+            permissions: {
+                title: 'Permissions',
+                width: '10%',
+                create: false,
+                edit: false,
+                display: function(data) {
+                    var $img = $('<img class="list" src="img/list.png" title="Permissions" />');
+                    $img.click(function () {
+                        $('#SlaveZones').jtable('openChildTable',
+                            $img.closest('tr'), {
+                                title: 'Permissions for ' + data.record.name,
+                                openChildAsAccordion: true,
+                                actions: {
+                                    listAction: 'permissions.php?action=list&zoneid=' + data.record.id,
+                                    createAction: 'permissions.php?action=add&zoneid=' + data.record.id,
+                                    deleteAction: 'permissions.php?action=remove&zoneid=' + data.record.id
+                                },
+                                fields: {
+                                    id: {
+                                        key: true,
+                                        type: 'hidden'
+                                    },
+                                    type: {
+                                        title: 'Type',
+                                        inputClass: "permissionstype",
+                                        options: {
+                                            'user': 'User',
+                                            'group': 'Group'
+                                        },
+                                        create: true,
+                                        edit: false
+                                    },
+                                    value: {
+                                        title: 'Name',
+                                        inputClass: "usergrouplist",
+                                        display: displayContent('value')
+                                    },
+                                    permissions: {
+                                        title: 'Permissions',
+                                        options: {
+                                            '1' : 'View Only',
+<?php if($restrictediting) { ?>
+                                            '3' : 'Update normal records',
+                                            '7' : 'Update all records',
+<?php } else { ?>
+                                            '7' : 'Update',
+<?php } ?>
+                                            '15' : 'Admin'
+                                        }
+                                    }
+                                },
+                                formCreated: function(event, dat) {
+                                    $( ".usergrouplist" ).autocomplete({
+                                        source: "users.php?action=autocomplete&zoneid=" + data.record.id + "&type=" + $( ".permissionstype" ).val()
+                                    });
+                                    $( ".permissionstype" ).change(function() {
+                                      $( ".usergrouplist" ).val("");
+                                      $( ".usergrouplist" ).autocomplete({
+                                          source: "users.php?action=autocomplete&type=" + $( ".permissionstype" ).val()
+                                      });
+                                    });
+                                }
+                            }, function (data) {
+                                data.childTable.jtable('load');
+                            })
+                    });
+                    return $img;
+                }
+            },
             exportzone: {
                 title: '',
                 width: '1%',
diff --git a/permissions.php b/permissions.php
new file mode 100644
index 0000000..713e465
--- /dev/null
+++ b/permissions.php
@@ -0,0 +1,83 @@
+<?php
+
+include_once('includes/config.inc.php');
+include_once('includes/session.inc.php');
+include_once('includes/misc.inc.php');
+
+if (!is_csrf_safe()) {
+    header('Status: 403');
+    header('Location: ./index.php');
+    jtable_respond(null, 'error', "Authentication required");
+}
+
+$zoneid = isset($_GET['zoneid']) ? intval($_GET['zoneid']) : '';
+
+if (!is_adminuser()) {
+    header('Status: 403');
+    jtable_respond(null, 'error', "You need adminprivileges to get here");
+}
+
+if (!isset($_GET['action'])) {
+    header('Status: 400');
+    jtable_respond(null, 'error', 'No action given');
+}
+
+switch ($_GET['action']) {
+
+case "list":
+
+    if ($zoneid != '') {
+        $permissions = get_zone_permissions($zoneid);
+        jtable_respond($permissions);
+    } else {
+        jtable_respond(null, 'error', 'Could not list zone permissions');
+    }
+    break;
+
+case "add":
+    $type = isset($_POST['type']) ? $_POST['type'] : '';
+    $value = isset($_POST['value']) ? $_POST['value'] : '';
+    $permissons = isset($_POST['permissions']) ? $_POST['permissions'] : '';
+
+    if ($zoneid != '') {
+        if (user_exists($user)) {
+            if(is_group_member($groupid,$user)) {
+                jtable_respond(null, 'error', "User already a member of the group");
+            } elseif(!is_null($id=add_group_member($groupid,$user))) {
+                $entry = array('id' => $id,'user' => $user);
+                jtable_respond($entry, 'single');
+            } else {
+                jtable_respond(null, 'error', "Failed to add user to group");
+            }
+        } else {
+            jtable_respond(null, 'error', "User doesn't exist");
+        }
+    } else {
+        jtable_respond(null, 'error', 'Zone not specified');
+    }
+    break;
+
+case "remove":
+
+    if ($id != '') {
+        if(remove_group_member($id)) {
+            jtable_respond(null, 'delete');
+        } else {
+            jtable_respond(null, 'error', "Failed to delete user from group");
+        }
+    } else {
+        jtable_respond(null, 'error', 'ID not specified');
+    }
+    break;
+
+case "autocomplete":
+    $term = isset($_GET['type']) ? $_GET['type'] : '';
+    $term = isset($_GET['term']) ? $_GET['term'] : '';
+    $users=get_usernames_filtered($term);
+    print json_encode($users);
+    break;
+
+default:
+    jtable_respond(null, 'error', 'Invalid action');
+    break;
+}