diff --git a/frontend/src/component/label/clipboard.vue b/frontend/src/component/label/clipboard.vue
index c1629ab20..fa29e1bcb 100644
--- a/frontend/src/component/label/clipboard.vue
+++ b/frontend/src/component/label/clipboard.vue
@@ -47,6 +47,7 @@
           <v-icon>bookmark</v-icon>
         </v-btn>
         <v-btn
+            v-if="hasPermission(aclResources.ResourceLabels, aclActions.ActionDelete)"
             fab dark small
             color="remove"
             :title="$gettext('Delete')"
diff --git a/frontend/src/dialog/photo/labels.vue b/frontend/src/dialog/photo/labels.vue
index fa4807be2..ab24ae5d9 100644
--- a/frontend/src/dialog/photo/labels.vue
+++ b/frontend/src/dialog/photo/labels.vue
@@ -19,7 +19,7 @@
               @save="renameLabel(props.item.Label)"
           >
             {{ props.item.Label.Name }}
-            <template #input>
+            <template v-if="hasPermission(aclResources.ResourceLabels, aclActions.ActionUpdate)" #input>
               <v-text-field
                   v-model="props.item.Label.Name"
                   :rules="[nameRule]"
@@ -40,24 +40,27 @@
             <v-icon color="secondary-dark">search</v-icon>
           </v-btn>
           <v-btn v-else-if="props.item.Uncertainty < 100 && props.item.LabelSrc === 'manual'" icon
+                 :disabled="!hasPermission(aclResources.ResourcePhotos, aclActions.ActionUpdate)"
                  small flat :ripple="false"
                  class="action-delete" title="Delete"
                  @click.stop.prevent="removeLabel(props.item.Label)">
             <v-icon color="secondary-dark">delete</v-icon>
           </v-btn>
           <v-btn v-else-if="props.item.Uncertainty < 100" icon small flat :ripple="false"
+                 :disabled="!hasPermission(aclResources.ResourcePhotos, aclActions.ActionUpdate)"
                  class="action-remove" title="Remove"
                  @click.stop.prevent="removeLabel(props.item.Label)">
             <v-icon color="secondary-dark">remove</v-icon>
           </v-btn>
           <v-btn v-else icon small flat :ripple="false"
+                 :disabled="!hasPermission(aclResources.ResourcePhotos, aclActions.ActionUpdate)"
                  class="action-on" title="Activate"
                  @click.stop.prevent="activateLabel(props.item.Label)">
             <v-icon color="secondary-dark">add</v-icon>
           </v-btn>
         </td>
       </template>
-      <template v-if="!disabled" #footer>
+      <template v-if="!disabled && hasPermission(aclResources.ResourcePhotos, aclActions.ActionUpdate) && hasPermission(aclResources.ResourceLabels, aclActions.ActionCreate)" #footer>
         <td>
           <v-text-field
               v-model="newLabel"
diff --git a/frontend/src/pages/labels.vue b/frontend/src/pages/labels.vue
index 0fc0502d4..2677aa9f7 100644
--- a/frontend/src/pages/labels.vue
+++ b/frontend/src/pages/labels.vue
@@ -115,7 +115,7 @@
                   <span v-else>
                       <v-icon>edit</v-icon>
                   </span>
-                  <template #input>
+                  <template v-if="hasPermission(aclResources.ResourceLabels, aclActions.ActionUpdate)" #input>
                     <v-text-field
                         v-model="label.Name"
                         :rules="[titleRule]"
diff --git a/frontend/src/routes.js b/frontend/src/routes.js
index 825da40a0..c4e354236 100644
--- a/frontend/src/routes.js
+++ b/frontend/src/routes.js
@@ -312,6 +312,15 @@ export default [
     path: "/labels",
     component: Labels,
     meta: { title: $gettext("Labels"), auth: true },
+    beforeEnter: (to, from, next) => {
+      if (
+        hasPermission(aclResources.ResourceLabels, aclActions.ActionSearch, aclActions.ActionRead)
+      ) {
+        next();
+      } else {
+        next({ name: "home" });
+      }
+    },
   },
   {
     name: "people",
diff --git a/internal/acl/permissions.go b/internal/acl/permissions.go
index b2b13a745..50188eddc 100644
--- a/internal/acl/permissions.go
+++ b/internal/acl/permissions.go
@@ -47,4 +47,8 @@ var Permissions = ACL{
 	ResourceSettings: Roles{
 		RoleAdmin: Actions{ActionDefault: true},
 	},
+	ResourceLabels: Roles{
+		RoleAdmin:  Actions{ActionDefault: true},
+		RoleMember: Actions{ActionSearch: true, ActionRead: true},
+	},
 }