diff --git a/Gemfile b/Gemfile
index e824bb2..6af48e3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,6 +21,7 @@ gem "administrate"
 gem "graphql"
 gem "tailwindcss-rails"
 gem "httparty"
+gem "pundit"
 
 group :development, :test do
   gem "dotenv-rails"
diff --git a/Gemfile.lock b/Gemfile.lock
index 2fd4fc7..d77b31e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -174,6 +174,8 @@ GEM
     public_suffix (4.0.6)
     puma (5.4.0)
       nio4r (~> 2.0)
+    pundit (2.1.0)
+      activesupport (>= 3.0.0)
     racc (1.5.2)
     rack (2.2.3)
     rack-proxy (0.7.0)
@@ -322,6 +324,7 @@ DEPENDENCIES
   pg (~> 1.1)
   pry-byebug
   puma (~> 5.0)
+  pundit
   rails (~> 6.1.4)
   rspec-rails
   rubocop-rails
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e049134..396f23e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,4 @@
 # frozen_string_literal: true
 class ApplicationController < ActionController::Base
+  include Pundit
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 0000000..f527406
--- /dev/null
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope.all
+    end
+  end
+end