diff --git a/db/changes/240202/.gitkeep b/db/changes/240202/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/db/changes/240202/00-aclWorkerTimeControl.sql b/db/changes/240202/00-aclWorkerTimeControl.sql
new file mode 100644
index 0000000000..5ccb3131dd
--- /dev/null
+++ b/db/changes/240202/00-aclWorkerTimeControl.sql
@@ -0,0 +1,14 @@
+DELETE FROM salix.ACL
+    WHERE model = 'WorkerTimeControl' 
+        AND property IN ('*','addTime');
+        
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES 
+        ('WorkerTimeControl', 'addTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'deleteTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'updateTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'sendMail', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'updateWorkerTimeControlMail', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'weeklyHourRecordEmail', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'getMailStates', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('WorkerTimeControl', 'resendWeeklyHourEmail', 'WRITE', 'ALLOW', 'ROLE', 'employee');
diff --git a/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js b/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js
index 8f95415964..3e1d731bb8 100644
--- a/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js
+++ b/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js
@@ -3,7 +3,7 @@ const UserError = require('vn-loopback/util/user-error');
 module.exports = Self => {
     Self.remoteMethodCtx('deleteTimeEntry', {
         description: 'Deletes a manual time entry for a worker if the user role is above the worker',
-        accessType: 'READ',
+        accessType: 'WRITE',
         accepts: [{
             arg: 'id',
             type: 'number',