diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 39a0abd9e..b58395acc 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -12,6 +12,8 @@ module.exports = function(Self) { require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/renew-token')(Self); + Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); + // Validations Self.validatesFormatOf('email', { diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 8486e29b8..61e42f77a 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -118,5 +118,24 @@ "principalId": "$authenticated", "permission": "ALLOW" } - ] + ], + "scopes": { + "preview": { + "fields": [ + "id", + "name", + "username", + "roleFk", + "nickname", + "lang", + "active", + "created", + "updated", + "image", + "hasGrant", + "realm", + "email" + ] + } + } } diff --git a/db/changes/231801/00-userAcl.sql b/db/changes/231801/00-userAcl.sql index 64803bf18..9eb3ebf28 100644 --- a/db/changes/231801/00-userAcl.sql +++ b/db/changes/231801/00-userAcl.sql @@ -1,6 +1,5 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES - ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'employee'), ('VnUser','acl','READ','ALLOW','ROLE','account'), ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'), ('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account'), diff --git a/db/changes/232601/00-aclAccount.sql b/db/changes/232601/00-aclAccount.sql new file mode 100644 index 000000000..bf8106b98 --- /dev/null +++ b/db/changes/232601/00-aclAccount.sql @@ -0,0 +1,8 @@ +DELETE + FROM `salix`.`ACL` + WHERE model='Account' AND property='*' AND accessType='*'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), + ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); 
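Review bot: The line `Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');` in vn-user.js strips every static ACL entry for `create`, DENY entries included, and carries no explanation, so a reader will take `create` as now unrestricted rather than delegated to the database. Add above it `// 'create' is granted per role through the salix.ACL table (db/changes/232601/00-aclVnUser.sql); drop the static model entries so they are not combined with those rows`. If the model's JSON ACL list (only its tail is visible here) holds a DENY on `create`, filter on `permission` as well so only the ALLOW rows are removed. The JSON hunk below shows the `acls` array exists, so the unguarded `.filter` will not throw at boot today, but `(Self.definition.settings.acls || [])` is cheap insurance.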
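Review bot: Exposing `email`, `roleFk`, `hasGrant` and `realm` to every employee through the new `preview` scope (00-aclVnUser.sql in this change opens `__get__preview` to the `employee` role) is a broader disclosure than the per-id `VnUsers/:id` read it replaces, and all the callers in this diff only render a card or summary; confirm each listed field is actually needed. The `fields` list restricts the projection only: a caller's `filter.where` is still merged into the query, so if VnUser carries hidden columns (a password hash, tokens) an employee can probe them with `where: {password: {like: '...%'}}`-style conditions. Every caller here sends only `{where: {id}}`, so a `Self.beforeRemote('__get__preview', …)` hook that rejects any `where` key outside the `fields` list would close that without touching the front end.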
diff --git a/db/changes/232601/00-aclMailAliasAccount.sql b/db/changes/232601/00-aclMailAliasAccount.sql new file mode 100644 index 000000000..619e9bb6e --- /dev/null +++ b/db/changes/232601/00-aclMailAliasAccount.sql @@ -0,0 +1,5 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232601/00-aclMailForward.sql b/db/changes/232601/00-aclMailForward.sql new file mode 100644 index 000000000..afe2acec8 --- /dev/null +++ b/db/changes/232601/00-aclMailForward.sql @@ -0,0 +1,5 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailForward'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('MailForward', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailForward', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232601/00-aclRole.sql b/db/changes/232601/00-aclRole.sql new file mode 100644 index 000000000..e16f052be --- /dev/null +++ b/db/changes/232601/00-aclRole.sql @@ -0,0 +1,5 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'Role'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'it'); diff --git a/db/changes/232601/00-aclVnUser.sql b/db/changes/232601/00-aclVnUser.sql new file mode 100644 index 000000000..39fa2cb14 --- /dev/null +++ b/db/changes/232601/00-aclVnUser.sql 
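Review bot: `DELETE FROM salix.ACL WHERE model = 'Role'` (and the identical statement for `MailForward` and `MailAliasAccount`) wipes every ACL row for the model before inserting two wildcard rows, whereas 00-aclAccount.sql in the same change scopes its DELETE to `property='*' AND accessType='*'`. Any method-specific grants present in the live table for these models are dropped silently, which is hard to see in review because the replaced rows are not listed. Narrow each DELETE to what is being replaced, `DELETE FROM salix.ACL WHERE model = 'Role' AND property = '*';`, or put a comment above it stating that a full reset of the model's ACL is intended. `Role` WRITE goes to `it` while the two mail models' WRITE goes to `itManagement`; if that split is deliberate, a one-line comment would save the next reader a question.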
@@ -0,0 +1,10 @@ +DELETE + FROM `salix`.`ACL` + WHERE model = 'VnUser' AND property = '*' AND principalId = 'employee'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'), + ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', 'create', '*', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/e2e/paths/03-worker/06_create.spec.js b/e2e/paths/03-worker/06_create.spec.js index 98e67edbf..11d36b3cf 100644 --- a/e2e/paths/03-worker/06_create.spec.js +++ b/e2e/paths/03-worker/06_create.spec.js @@ -53,7 +53,7 @@ describe('Worker create path', () => { expect(message.text).toContain('Data saved!'); // 'rollback' - await page.loginAndModule('sysadmin', 'account'); + await page.loginAndModule('itManagement', 'account'); await page.accessToSearchResult(newWorker); await page.waitToClick(selectors.accountDescriptor.menuButton); diff --git a/e2e/paths/14-account/01_create_and_basic_data.spec.js b/e2e/paths/14-account/01_create_and_basic_data.spec.js index 54e4d1f12..e38d1aeec 100644 --- a/e2e/paths/14-account/01_create_and_basic_data.spec.js +++ b/e2e/paths/14-account/01_create_and_basic_data.spec.js @@ -8,7 +8,7 @@ describe('Account create and basic data path', () => { beforeAll(async() => { browser = await getBrowser(); page = browser.page; - await page.loginAndModule('developer', 'account'); + await page.loginAndModule('itManagement', 'account'); }); afterAll(async() => { diff --git a/modules/account/front/aliases/index.html b/modules/account/front/aliases/index.html index 9f4ba857f..11d546afb 100644 --- a/modules/account/front/aliases/index.html +++ b/modules/account/front/aliases/index.html @@ -17,7 +17,9 @@ + ng-click="removeConfirm.show(row)" + vn-acl="itManagement" + vn-acl-action="remove"> 
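Review bot: The row `('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee')` grants every access type on `preview`, although the row just above it already allows the READ path (`__get__preview`) and nothing in this change uses the scope for writes. If LoopBack also exposes the scope's `__create__preview`/`__delete__preview` remote methods (the usual behaviour for a static scope, not verifiable from here), `*` on that property lets any employee reach them; change it to `('VnUser', 'preview', 'READ', 'ALLOW', 'ROLE', 'employee')` or drop the row if the `__get__preview` one suffices. The preceding DELETE removes only the `employee` wildcard row, so any other principal that still holds `'*'` on VnUser keeps it.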
@@ -30,9 +32,11 @@ translate-attr="{title: 'Add'}" vn-bind="+" ng-click="$ctrl.onAddClick()" - fixed-bottom-right> + fixed-bottom-right + vn-acl="itManagement" + vn-acl-action="remove"> - @@ -49,7 +53,7 @@ - this.user = res.data), + this.$http.get(`VnUsers/preview`, {filter}) + .then(res => { + const [user] = res.data; + this.user = user; + }), this.$http.get(`Accounts/${this.$params.id}/exists`) .then(res => this.hasAccount = res.data.exists) ]); diff --git a/modules/account/front/card/index.spec.js b/modules/account/front/card/index.spec.js index 204b897e4..712d3c1d8 100644 --- a/modules/account/front/card/index.spec.js +++ b/modules/account/front/card/index.spec.js @@ -15,12 +15,12 @@ describe('component vnUserCard', () => { it('should reload the controller data', () => { controller.$params.id = 1; - $httpBackend.expectGET('VnUsers/1').respond('foo'); + $httpBackend.expectGET('VnUsers/preview').respond('foo'); $httpBackend.expectGET('Accounts/1/exists').respond({exists: true}); controller.reload(); $httpBackend.flush(); - expect(controller.user).toBe('foo'); + expect(controller.user).toBe('f'); expect(controller.hasAccount).toBeTruthy(); }); }); diff --git a/modules/account/front/create/index.html b/modules/account/front/create/index.html index ee2de926a..acc07d346 100644 --- a/modules/account/front/create/index.html +++ b/modules/account/front/create/index.html @@ -12,18 +12,18 @@ @@ -39,7 +39,7 @@ type="password"> diff --git a/modules/account/front/create/index.js b/modules/account/front/create/index.js index 41fd718f6..01ba7905b 100644 --- a/modules/account/front/create/index.js +++ b/modules/account/front/create/index.js 
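Review bot: In card/index.spec.js the mock responds `'foo'` to `VnUsers/preview`, so `const [user] = res.data` destructures the string and `expect(controller.user).toBe('f')` pins that accident rather than the intended behaviour of taking the first element of an array. Respond with the shape the endpoint returns, `$httpBackend.expectGET('VnUsers/preview').respond([{id: 1}]);` and `expect(controller.user).toEqual({id: 1});`. The web-access spec in this same change expects the same endpoint with a serialized `?filter=` query string while this one expects the bare path; unless the two controllers pass the filter differently (not visible here), one of the two expectations will not match the request that is actually sent.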
@@ -2,6 +2,11 @@ import ngModule from '../module'; import Section from 'salix/components/section'; export default class Controller extends Section { + constructor($element, $) { + super($element, $); + this.user = {active: true}; + } + onSubmit() { return this.$.watcher.submit().then(res => { this.$state.go('account.card.basicData', {id: res.data.id}); diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 7a7ba43f3..381b2991c 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -6,7 +6,7 @@ Delete @@ -15,7 +15,7 @@ ng-if="::$root.user.id == $ctrl.id" ng-click="$ctrl.onChangePassClick(true)" name="changePassword" - vn-acl="hr" + vn-acl="sysadmin" vn-acl-action="remove" translate> Change password @@ -23,7 +23,7 @@ Set password @@ -32,7 +32,7 @@ ng-if="!$ctrl.hasAccount" ng-click="enableAccount.show()" name="enableAccount" - vn-acl="it" + vn-acl="sysadmin" vn-acl-action="remove" translate> Enable account @@ -41,7 +41,7 @@ ng-if="$ctrl.hasAccount" ng-click="disableAccount.show()" name="disableAccount" - vn-acl="it" + vn-acl="sysadmin" vn-acl-action="remove" translate> Disable account @@ -50,7 +50,7 @@ ng-if="!$ctrl.user.active" ng-click="activateUser.show()" name="activateUser" - vn-acl="hr" + vn-acl="itManagement" vn-acl-action="remove" translate> Activate user @@ -59,7 +59,7 @@ ng-if="$ctrl.user.active" ng-click="deactivateUser.show()" name="deactivateUser" - vn-acl="hr" + vn-acl="itManagement" vn-acl-action="remove" translate> Deactivate user diff --git a/modules/account/front/index/index.html b/modules/account/front/index/index.html index d067c8c37..7502c8b3d 100644 --- a/modules/account/front/index/index.html +++ b/modules/account/front/index/index.html @@ -14,11 +14,11 @@
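Review bot: The `changePassword` button in descriptor/index.html is now removed for everyone but `sysadmin`, yet it sits under `ng-if="::$root.user.id == $ctrl.id"` (self only) and the server-side row `('VnUser','changePassword','WRITE','ALLOW','ROLE','account')` kept in 00-userAcl.sql still lets any `account` principal call it, so the UI is stricter than the API for a user's own password. If only sysadmins should change passwords from this screen, tighten the ACL row to match so the restriction is not cosmetic; if self-service is intended, `vn-acl="account"` matches the server. `vn-acl` only hides controls, so the `enableAccount`/`disableAccount` and `activateUser`/`deactivateUser` changes in the same file likewise rely on the `Account` sysadmin WRITE row and the `VnUser` itManagement row added in this change for actual enforcement.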
{{::user.nickname}}
@@ -36,12 +36,12 @@ - - \ No newline at end of file + diff --git a/modules/account/front/mail-forwarding/index.html b/modules/account/front/mail-forwarding/index.html index 6c688f504..df5cd80bf 100644 --- a/modules/account/front/mail-forwarding/index.html +++ b/modules/account/front/mail-forwarding/index.html @@ -14,12 +14,12 @@ Todos los correos serán reenviados a la dirección especificada, no se mantendrá copia de los mismos en el buzón del usuario. +You don't have enough privileges: No tienes suficientes permisos diff --git a/modules/account/front/main/index.html b/modules/account/front/main/index.html index 5872a328d..36b493ec4 100644 --- a/modules/account/front/main/index.html +++ b/modules/account/front/main/index.html @@ -1,6 +1,6 @@ diff --git a/modules/account/front/privileges/index.html b/modules/account/front/privileges/index.html index 8e33b708e..61f2c534e 100644 --- a/modules/account/front/privileges/index.html +++ b/modules/account/front/privileges/index.html @@ -1,9 +1,7 @@ @@ -11,15 +9,16 @@ name="form" ng-submit="watcher.submit()" class="vn-w-md"> - + - + + + this.$.summary = res.data); + this.$http.get(`VnUsers/preview`, {filter}) + .then(res => { + const [summary] = res.data; + this.$.summary = summary; + }); } get isHr() { return this.aclService.hasAny(['hr']); diff --git a/modules/client/front/web-access/index.html b/modules/client/front/web-access/index.html index 15dc5ed58..74407ba5c 100644 --- a/modules/client/front/web-access/index.html +++ b/modules/client/front/web-access/index.html @@ -1,7 +1,5 @@ @@ -51,9 +49,9 @@ label="Save"> + ng-if="$ctrl.canChangePassword" + label="Change password" + vn-dialog="change-pass"> { + const [user] = res.data; + this.account = user; + }); + } + + get client() { + return this._client; + } + $onChanges() { if (this.client) { this.account = this.client.account; diff --git a/modules/client/front/web-access/index.spec.js b/modules/client/front/web-access/index.spec.js index c1bb47a8e..7325bf932 100644 
--- a/modules/client/front/web-access/index.spec.js +++ b/modules/client/front/web-access/index.spec.js @@ -5,12 +5,14 @@ describe('Component VnClientWebAccess', () => { let $scope; let vnApp; let controller; + let $httpParamSerializer; beforeEach(ngModule('client')); - beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _vnApp_) => { + beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _$httpParamSerializer_, _vnApp_) => { $scope = $rootScope.$new(); $httpBackend = _$httpBackend_; + $httpParamSerializer = _$httpParamSerializer_; vnApp = _vnApp_; jest.spyOn(vnApp, 'showError'); const $element = angular.element(''); @@ -32,7 +34,10 @@ describe('Component VnClientWebAccess', () => { describe('isCustomer()', () => { it('should return true if the password can be modified', () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(true); controller.isCustomer(); $httpBackend.flush(); @@ -42,7 +47,10 @@ describe('Component VnClientWebAccess', () => { it(`should return a false if the password can't be modified`, () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(false); controller.isCustomer(); $httpBackend.flush(); 
@@ -54,9 +62,12 @@ describe('Component VnClientWebAccess', () => { describe('checkConditions()', () => { it('should perform a query to check if the client is valid', () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); expect(controller.canEnableCheckBox).toBeTruthy(); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/isValidClient`).respond(false); controller.checkConditions(); $httpBackend.flush(); @@ -82,7 +93,10 @@ describe('Component VnClientWebAccess', () => { controller.newPassword = 'm24x8'; controller.repeatPassword = 'm24x8'; controller.canChangePassword = true; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); const query = `Clients/${controller.client.id}/setPassword`; $httpBackend.expectPATCH(query, {newPassword: controller.newPassword}).respond('done'); controller.onPassChange(); diff --git a/modules/worker/back/methods/worker/isAuthorized.js b/modules/worker/back/methods/worker/isAuthorized.js new file mode 100644 index 000000000..519aab94f --- /dev/null +++ b/modules/worker/back/methods/worker/isAuthorized.js 
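Review bot: Each added expectation responds `'foo'` to `VnUsers/preview`, so the component's `const [user] = res.data` leaves `this.account` as the string `'f'` for the rest of the test; none of these tests assert on `account`, so they pass, but the fixture is misleading and will fail confusingly once a later assertion reads `account.id`. Respond with an array that matches the endpoint, `.respond([{id: '1234', active: true}])`. The `set client()` that issues this GET is only partially visible in this diff, and `$onChanges()` also assigns `this.account = this.client.account` synchronously, so two writers race on `account`; worth a comment, or dropping one of them, once the setter is confirmed.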
@@ -0,0 +1,44 @@ +module.exports = Self => { + Self.remoteMethod('isAuthorized', { + description: 'Return true if the current user is a superior of the worker that is passed by parameter', + accessType: 'READ', + accepts: [{ + arg: 'ctx', + type: 'Object', + http: {source: 'context'} + }, { + arg: 'id', + type: 'number', + required: true, + description: 'The worker id', + http: {source: 'path'} + }], + returns: { + type: 'boolean', + root: true + }, + http: { + path: `/:id/isAuthorized`, + verb: 'GET' + } + }); + + Self.isAuthorized = async(ctx, id, options) => { + const models = Self.app.models; + const currentUserId = ctx.req.accessToken.userId; + const isHimself = currentUserId == id; + + const myOptions = {}; + + if (typeof options == 'object') + Object.assign(myOptions, options); + + const isSubordinate = await models.Worker.isSubordinate(ctx, id, myOptions); + const isTeamBoss = await models.VnUser.hasRole(currentUserId, 'teamBoss', myOptions); + + if (!isSubordinate || (isSubordinate && isHimself && !isTeamBoss)) + return false; + + return true; + }; +}; diff --git a/modules/worker/back/models/worker.js b/modules/worker/back/models/worker.js index fa17640a8..b44703a88 100644 --- a/modules/worker/back/models/worker.js +++ b/modules/worker/back/models/worker.js @@ -16,6 +16,7 @@ module.exports = Self => { require('../methods/worker/new')(Self); require('../methods/worker/deallocatePDA')(Self); require('../methods/worker/allocatePDA')(Self); + require('../methods/worker/isAuthorized')(Self); Self.validatesUniquenessOf('locker', { message: 'This locker has already been assigned' diff --git a/modules/worker/front/account/index.html b/modules/worker/front/account/index.html deleted file mode 100644 index 6f6be660c..000000000 --- a/modules/worker/front/account/index.html +++ /dev/null @@ -1,33 +0,0 @@ - - - - -
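Review bot: The closing condition `if (!isSubordinate || (isSubordinate && isHimself && !isTeamBoss)) return false; return true;` is hard to read and its inner `isSubordinate &&` is redundant; the same result is `return isSubordinate && (!isHimself || isTeamBoss);`. The description says the method returns true when the caller is a superior of the worker, but the code also returns true for a caller asking about himself when he holds `teamBoss` (assuming `isSubordinate` counts oneself, which is not visible here), so the description should state that case. No ACL row for `isAuthorized` is added in this change, so whether a plain employee can call it depends on the Worker model's existing ACLs; confirm that or add an explicit row. `currentUserId == id` uses loose equality; `Number(id) === currentUserId` states the intent.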
- - - - - - - - - - - - - -
diff --git a/modules/worker/front/calendar/index.html b/modules/worker/front/calendar/index.html index c9eacbd82..29540081e 100644 --- a/modules/worker/front/calendar/index.html +++ b/modules/worker/front/calendar/index.html @@ -63,6 +63,7 @@ ng-model="$ctrl.businessId" search-function="{businessFk: $search}" value-field="businessFk" + show-field="businessFk" order="businessFk DESC" limit="5"> diff --git a/modules/worker/front/calendar/index.js b/modules/worker/front/calendar/index.js index 4ca0fc929..a52ecd7da 100644 --- a/modules/worker/front/calendar/index.js +++ b/modules/worker/front/calendar/index.js @@ -71,10 +71,6 @@ class Controller extends Section { } } - get payedHolidays() { - return this._businessId; - } - buildYearFilter() { const now = Date.vnNew(); now.setFullYear(now.getFullYear() + 1); @@ -95,10 +91,10 @@ class Controller extends Section { } getActiveContract() { - this.$http.get(`Workers/${this.worker.id}/activeContract`).then(res => { - if (res.data) - this.businessId = res.data.businessFk; - }); + this.$http.get(`Workers/${this.worker.id}/activeContract`) + .then(res => { + if (res.data) this.businessId = res.data.businessFk; + }); } getContractHolidays() {