diff --git a/mapstore2_adapter/api/views.py b/mapstore2_adapter/api/views.py
index 9a8d9af..8ef33db 100644
--- a/mapstore2_adapter/api/views.py
+++ b/mapstore2_adapter/api/views.py
@@ -13,7 +13,9 @@ from rest_framework import viewsets
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
-from rest_framework.permissions import IsAdminUser, IsAuthenticated
+from rest_framework.permissions import IsAdminUser, IsAuthenticated, IsAuthenticatedOrReadOnly # noqa
+from oauth2_provider.contrib.rest_framework import OAuth2Authentication
+from geonode.base.api.permissions import IsOwnerOrReadOnly
 from .models import MapStoreResource
 from .serializers import (UserSerializer,
@@ -29,7 +31,7 @@ class UserViewSet(viewsets.ModelViewSet):
 """
 API endpoint that allows users to be viewed or edited.
 """
- authentication_classes = (SessionAuthentication, BasicAuthentication)
+ authentication_classes = (SessionAuthentication, BasicAuthentication, OAuth2Authentication)
 permission_classes = (IsAdminUser,)
 queryset = get_user_model().objects.all()
 serializer_class = UserSerializer
@@ -38,8 +40,8 @@ class UserViewSet(viewsets.ModelViewSet):
 class MapStoreResourceViewSet(viewsets.ModelViewSet):
 """ Only Authenticate User perform CRUD Operations on Respective Data
 """
- authentication_classes = (SessionAuthentication, BasicAuthentication)
- permission_classes = (IsAuthenticated,)
+ authentication_classes = [SessionAuthentication, BasicAuthentication, OAuth2Authentication]
+ permission_classes = [IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]
 model = MapStoreResource
 serializer_class = MapStoreResourceSerializer
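Review bot: The bare `# noqa` on the `rest_framework.permissions` import in the first hunk silences every linter check on that line. It appears to be there only because `IsAuthenticated` is no longer referenced once `MapStoreResourceViewSet` switches to `IsAuthenticatedOrReadOnly`, although uses elsewhere in the file are not visible here. Dropping the unused name is cleaner, `from rest_framework.permissions import IsAdminUser, IsAuthenticatedOrReadOnly`; if it must stay, scope the suppression with `# noqa: F401`. The new top-level `geonode.base.api.permissions` import also means this module cannot be loaded where GeoNode is not installed, so that dependency should be declared in the package requirements if it is not already.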
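Review bot: `OAuth2Authentication` is added to `UserViewSet` (second hunk) and `MapStoreResourceViewSet` (third hunk) without any scope-checking permission, so a valid bearer token is treated exactly like a full session for its user. On `UserViewSet` this matters most: `IsAdminUser` looks only at the user, so a token issued to any client on behalf of a staff account can read and modify every user record regardless of what the token was granted. If tokens in this deployment carry scopes, pair the authenticator with a scope check that still admits session and basic-auth callers, e.g. `permission_classes = (IsAdminUser, IsAuthenticatedOrTokenHasScope)` plus a `required_scopes` list naming the deployment's own scope. `IsAuthenticatedOrTokenHasScope` comes from `oauth2_provider.contrib.rest_framework`. The remainder of both class bodies is outside the hunks.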
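Review bot: Replacing `IsAuthenticated` with `[IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]` on `MapStoreResourceViewSet` (third hunk) opens `GET`/`HEAD`/`OPTIONS` to anonymous callers, so confidentiality of resources now depends entirely on how the viewset builds its queryset, which is outside this hunk. `IsOwnerOrReadOnly` is presumably an object-level check, and DRF does not run object-level checks for list or create actions, so it cannot keep private resources out of a listing or restrict who may `POST`. Please confirm the queryset is filtered for anonymous and non-owner users before this ships. The class docstring is now stale and should describe the new rule, e.g. `""" Anyone may read; writes require authentication and, per object, ownership. """`.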