diff --git a/Controller/NotificationsController.php b/Controller/NotificationsController.php
index 4a7c16e..777360e 100644
--- a/Controller/NotificationsController.php
+++ b/Controller/NotificationsController.php
@@ -114,5 +114,19 @@ public function getlist($userId = null, $limit = 10) {
 $this->set('result', null);
 }
 }
+ public function isAuthorized($user) {
+ if (in_array($this->action, array('index','getlist','getcount'))) {
+ return true;
+ }
+ // The owner of notification delete or read it
+ if (in_array($this->action, array('delete','read'))) {
+ $notiId = $this->request->params['pass'][0];
+ if ($this->Notification->isOwnedBy($notiId, $user['id'])) {
+ return true;
+ }
+ }
+
+ return parent::isAuthorized($user);
+ }
 }
diff --git a/Model/Notification.php b/Model/Notification.php
index 6cf5e8c..cd63709 100644
--- a/Model/Notification.php
+++ b/Model/Notification.php
@@ -3,7 +3,9 @@ App::uses('NotificationsAppModel', 'Notifications.Model');
 class Notification extends NotificationsAppModel {
-
+ public function isOwnedBy($id, $user) {
+ return $this->field('id', array('id' => $id, 'user_id' => $user)) === $id;
+ }
 public $virtualFields = array(
 'name' => 'message'
 );
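Review bot: `$notiId = $this->request->params['pass'][0];` reads the first passed argument without checking it exists, so a `delete` or `read` request with no id (or with only named arguments) raises an undefined-index notice and hands `null` to `isOwnedBy()`. Guard it before the ownership check, e.g. `$notiId = isset($this->request->params['pass'][0]) ? $this->request->params['pass'][0] : null;` followed by `if ($notiId !== null && $this->Notification->isOwnedBy($notiId, $user['id'])) {`, and pass `true` as the third argument to both `in_array()` calls so action names are compared strictly. Separately, `index`, `getlist` and `getcount` are allowed for every authenticated user; since `getlist($userId = null, …)` accepts a user id (its body is outside the hunk), confirm it ignores that parameter or scopes the query to the logged-in user, otherwise any user can list another user's notifications. A short docblock stating that ownership is only enforced for `delete`/`read` and that every other action falls through to the parent would help the next reader.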
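Review bot: `isOwnedBy()` compares the value returned by `field()` with `=== $id`, but `field()` returns the column as the datasource delivers it (typically a string) and `false` when no row matches, so an integer `$id` from any caller other than the URL parameter never matches and ownership is denied. Either normalise both sides, e.g. `$found = $this->field('id', array('id' => $id, 'user_id' => $user));` then `return $found !== false && (string) $found === (string) $id;`, or use the boolean query `return $this->hasAny(array('id' => $id, 'user_id' => $user));`. A one-line docblock (`Returns true when notification $id belongs to user $user.`) is missing. Style-wise the method is inserted between the class brace and `$virtualFields`; declaring properties before methods matches the usual CakePHP class layout.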