diff --git a/API/Authentication/ColorAuthentication.cs b/API/Authentication/ColorAuthentication.cs
index 01f361b..f7c6bef 100644
--- a/API/Authentication/ColorAuthentication.cs
+++ b/API/Authentication/ColorAuthentication.cs
@@ -1,41 +1,43 @@
+using API.Authentication.GrantNames;
 using API.Authentication.Interfaces;
 using API.DTO.Base;
+using API.Services;
 using DAL.Models;
 
 namespace API.Authentication
 {
 	public class ColorAuthentication : IColorAuthentication
 	{
+		private readonly GrantService _grantService;
 		private readonly ILogger<ColorAuthentication> _logger;
-		public ColorAuthentication(ILogger<ColorAuthentication> logger)
+		public ColorAuthentication(ILogger<ColorAuthentication> logger, GrantService grantService)
 		{
 			_logger = logger;
+			_grantService = grantService;
 		}
 
 		public bool canGetAll(User user)
 		{
-			_logger.Log(LogLevel.Warning, "Yes Authentication being used.");
-			return true;
+			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanGetAll);
 		}
 		public bool canGet(Color model, User user)
 		{
-			_logger.Log(LogLevel.Warning, "Yes Authentication being used.");
-			return true;
+			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanGetAny) ||
+			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanGet).Exists(x => x == model.id);
 		}
 		public bool canAdd(ColorDTO item, User user)
 		{
-			_logger.Log(LogLevel.Warning, "Yes Authentication being used.");
-			return true;
+			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanAdd);
 		}
 		public bool canUpdate(Color model, User user)
 		{
-			_logger.Log(LogLevel.Warning, "Yes Authentication being used.");
-			return true;
+			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanUpdateAny) ||
+			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanUpdate).Exists(x => x == model.id);
 		}
 		public bool canDelete(Color model, User user)
 		{
-			_logger.Log(LogLevel.Warning, "Yes Authentication being used.");
-			return true;
+			return _grantService.hasGrant(user.permissionId, ColorGrantNames.CanDeleteAny) ||
+			       _grantService.getULongValues(user.permissionId, ColorGrantNames.CanDelete).Exists(x => x == model.id);
 		}
 	}
 }