diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql
index 7447af40f..ea689c609 100644
--- a/db/dump/fixtures.before.sql
+++ b/db/dump/fixtures.before.sql
@@ -108,6 +108,7 @@ INSERT INTO `vn`.`worker`(`id`,`code`, `firstName`, `lastName`, `bossFk`)
 UPDATE `vn`.`worker` SET bossFk = NULL WHERE id = 20;
 UPDATE `vn`.`worker` SET bossFk = 20 WHERE id = 1 OR id = 9;
 UPDATE `vn`.`worker` SET bossFk = 19 WHERE id = 18;
+UPDATE `vn`.`worker` SET bossFk = 50 WHERE id = 49;
 
 DELETE FROM `vn`.`worker` WHERE firstName ='customer';
 
diff --git a/db/versions/11215-purpleIvy/00-firstScript.sql b/db/versions/11215-purpleIvy/00-firstScript.sql
new file mode 100644
index 000000000..ac82b7773
--- /dev/null
+++ b/db/versions/11215-purpleIvy/00-firstScript.sql
@@ -0,0 +1,4 @@
+-- Place your SQL code here
+INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId) 
+	VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
+		('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');
\ No newline at end of file
diff --git a/loopback/server/boot/role-resolver.js b/loopback/server/boot/role-resolver.js
new file mode 100644
index 000000000..cf70abb39
--- /dev/null
+++ b/loopback/server/boot/role-resolver.js
@@ -0,0 +1,12 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = async function(app) {
+    const models = app.models;
+
+    models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
+        Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
+
+        const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
+        if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
+    });
+};
diff --git a/modules/worker/back/models/worker.json b/modules/worker/back/models/worker.json
index 855d77e39..b809768a4 100644
--- a/modules/worker/back/models/worker.json
+++ b/modules/worker/back/models/worker.json
@@ -140,5 +140,41 @@
             "principalType": "ROLE",
             "principalId": "$owner"
         }
-    ]
-}
+    ],
+    "scopes": {
+        "descriptor": {
+            "include": [
+                {
+                    "relation": "user",
+                    "scope": {
+                        "fields": [
+                            "name",
+                            "nickname"
+                        ],
+                        "include": {
+                            "relation": "emailUser",
+                            "scope": {
+                                "fields": [
+                                    "email"
+                                ]
+                            }
+                        }
+                    }
+                },
+                {
+                    "relation": "department",
+                    "scope": {
+                        "include": [
+                            {
+                                "relation": "department"
+                            }
+                        ]
+                    }
+                },
+                {
+                    "relation": "sip"
+                }
+            ]
+        }
+    }
+}
\ No newline at end of file