diff --git a/src/Model/Testimonial.php b/src/Model/Testimonial.php
index 3e90827..e2862d3 100644
--- a/src/Model/Testimonial.php
+++ b/src/Model/Testimonial.php
@@ -3,6 +3,8 @@
 namespace Dynamic\Elements\Model;
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\PermissionProvider;
 
 /**
  * Class Testimonial
@@ -14,7 +16,7 @@
  * @property string $Position
  * @property string $Affiliation
  */
-class Testimonial extends DataObject
+class Testimonial extends DataObject implements PermissionProvider
 {
     /**
      * @var string
@@ -65,6 +67,51 @@ class Testimonial extends DataObject
     private static $summary_fields = [
         'Title',
         'Content.Summary',
-        'Name'
+        'Name',
     ];
+
+    /**
+     * @return array
+     */
+    public function providePermissions()
+    {
+        return ['Testimonial_MANAGE' => 'Manage Testimonials'];
+    }
+
+    /**
+     * @param null $member
+     * @param array $context
+     * @return bool|int
+     */
+    public function canCreate($member = null, $context = [])
+    {
+        return Permission::check('Testimonial_MANAGE', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool|int
+     */
+    public function canEdit($member = null)
+    {
+        return Permission::check('Testimonial_MANAGE', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool|int
+     */
+    public function canDelete($member = null)
+    {
+        return Permission::check('Testimonial_MANAGE', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool
+     */
+    public function canView($member = null)
+    {
+        return true;
+    }
 }
diff --git a/src/Model/TestimonialCategory.php b/src/Model/TestimonialCategory.php
index 7514857..16800fe 100644
--- a/src/Model/TestimonialCategory.php
+++ b/src/Model/TestimonialCategory.php
@@ -42,4 +42,41 @@ class TestimonialCategory extends DataObject
         'Testimonials' => Testimonial::class,
         'TestimonialElements' => ElementTestimonials::class,
     ];
+
+    /**
+     * @param null $member
+     * @param array $context
+     * @return bool
+     */
+    public function canCreate($member = null, $context = [])
+    {
+        return Testimonial::singleton()->canCreate($member, $context);
+    }
+
+    /**
+     * @param null $member
+     * @return bool
+     */
+    public function canEdit($member = null)
+    {
+        return Testimonial::singleton()->canEdit($member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool
+     */
+    public function canDelete($member = null)
+    {
+        return Testimonial::singleton()->canDelete($member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool
+     */
+    public function canView($member = null)
+    {
+        return true;
+    }
 }
diff --git a/tests/Model/TestimonialCategoryTest.php b/tests/Model/TestimonialCategoryTest.php
new file mode 100644
index 0000000..34a1119
--- /dev/null
+++ b/tests/Model/TestimonialCategoryTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Dynamic\Elements\Tests\Model;
+
+use Dynamic\Elements\Model\TestimonialCategory;
+use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Security\Member;
+
+/**
+ * Class TestimonialCategoryTest
+ * @package Dynamic\Elements\Tests\Model
+ */
+class TestimonialCategoryTest extends SapphireTest
+{
+    /**
+     * @var string
+     */
+    protected static $fixture_file = '../fixtures.yml';
+
+    /**
+     *
+     */
+    public function testCanCreate()
+    {
+        $this->assertTrue(TestimonialCategory::singleton()->canCreate($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse(TestimonialCategory::singleton()->canCreate(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanEdit()
+    {
+        $this->assertTrue($this->objFromFixture(TestimonialCategory::class, 'one')->canEdit($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse($this->objFromFixture(TestimonialCategory::class, 'one')->canEdit(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanDelete()
+    {
+        $this->assertTrue($this->objFromFixture(TestimonialCategory::class, 'one')->canDelete($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse($this->objFromFixture(TestimonialCategory::class, 'one')->canDelete(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanView()
+    {
+        $this->assertTrue($this->objFromFixture(TestimonialCategory::class, 'one')->canView($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertTrue($this->objFromFixture(TestimonialCategory::class, 'one')->canView(Member::singleton()));
+    }
+}
diff --git a/tests/Model/TestimonialTest.php b/tests/Model/TestimonialTest.php
new file mode 100644
index 0000000..a9c566f
--- /dev/null
+++ b/tests/Model/TestimonialTest.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Dynamic\Elements\Tests\Model;
+
+use Dynamic\Elements\Model\Testimonial;
+use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Security\Member;
+
+/**
+ * Class TestimonialTest
+ * @package Dynamic\Elements\Tests\Model
+ */
+class TestimonialTest extends SapphireTest
+{
+    /**
+     * @var string
+     */
+    protected static $fixture_file = '../fixtures.yml';
+
+    /**
+     *
+     */
+    public function testCanCreate()
+    {
+        $this->assertTrue(Testimonial::singleton()->canCreate($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse(Testimonial::singleton()->canCreate(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanEdit()
+    {
+        $this->assertTrue($this->objFromFixture(Testimonial::class, 'one')->canEdit($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse($this->objFromFixture(Testimonial::class, 'one')->canEdit(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanDelete()
+    {
+        $this->assertTrue($this->objFromFixture(Testimonial::class, 'one')->canDelete($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertFalse($this->objFromFixture(Testimonial::class, 'one')->canDelete(Member::singleton()));
+    }
+
+    /**
+     *
+     */
+    public function testCanView()
+    {
+        $this->assertTrue($this->objFromFixture(Testimonial::class, 'one')->canView($this->objFromFixture(Member::class, 'site-owner')));
+        $this->assertTrue($this->objFromFixture(Testimonial::class, 'one')->canView(Member::singleton()));
+    }
+}
diff --git a/tests/fixtures.yml b/tests/fixtures.yml
index 14e900b..7204cea 100644
--- a/tests/fixtures.yml
+++ b/tests/fixtures.yml
@@ -1,3 +1,33 @@
+SilverStripe\Security\Group:
+  administrators:
+    Title: Administrators
+  site-owners:
+    Title: "Site Owners"
+SilverStripe\Security\Permission:
+  administrators:
+    Code: ADMIN
+    Type: 1
+    Group: =>SilverStripe\Security\Group.administrators
+  testimonials:
+    Code: Testimonial_MANAGE
+    Type: 1
+    Group: =>SilverStripe\Security\Group.site-owners
+SilverStripe\Security\Member:
+  admin:
+    FirstName: Default
+    Surname: Admin
+    Email: admin@dynamicagency.com
+    Groups: =>SilverStripe\Security\Group.administrators
+  site-owner:
+    FirstName: "Site"
+    Surname: "Owner"
+    Email: "owner"
+    Password: "owner"
+    Groups: =>SilverStripe\Security\Group.site-owners
+  default:
+    FirstName: Default
+    Surname: User
+    Email: user@dynamicagency.com
 Dynamic\Elements\Model\TestimonialCategory:
   one:
     Title: "Category Foo"
@@ -56,4 +86,4 @@ Dynamic\Elements\Model\Testimonial:
     Name: "Anonymous"
     Position: "Wouldn't you like to know"
     Affiliation: "That's hidden"
-    TestimonialCategories: =>Dynamic\Elements\Model\TestimonialCategory.three
\ No newline at end of file
+    TestimonialCategories: =>Dynamic\Elements\Model\TestimonialCategory.three