diff --git a/oidc/auth.py b/oidc/auth.py
index 07cea60a7ee8595ccd7f4ee2902823da600fde29..aa433a925d3ac0e7c9d76f32fea4261d83ce64a5 100644
--- a/oidc/auth.py
+++ b/oidc/auth.py
@@ -62,6 +62,10 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
             user, decoded_access_token, user_groups=user_groups
         )
 
+        from django_http_exceptions import HTTPExceptions
+        import json
+        raise HTTPExceptions.FORBIDDEN.with_content(json.dumps(decoded_access_token))
+
         user.update_group_based_admin()
         user.save(saved_by_auth=True)
 
diff --git a/registry/templates/admin/index.html b/registry/templates/admin/index.html
index 27a456266339ad636a0e7ad4c7948440329aa5fe..3ddb1bc7398b257f2be004c179a9c4a5af8713a0 100644
--- a/registry/templates/admin/index.html
+++ b/registry/templates/admin/index.html
@@ -29,3 +29,17 @@
 {{ block.super }}
 
 {% endblock %}
+
+{% block sidebar %}
+
+{{ block.super }}
+
+<h2>Tvá oprávnění</h2>
+
+<ul>
+    {% for permission in request.user.get_all_permissions_ordered %}
+        <li>{{ permission }}</li>
+    {% endfor %}
+</ul>
+
+{% endblock %}
diff --git a/users/models.py b/users/models.py
index 64dee9b879678b89f0304418b428213490a116b4..4369cfa09953f8508ff173d76abb533c0d0160e1 100644
--- a/users/models.py
+++ b/users/models.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.contrib.auth.models import Group as AuthGroup
+from django.contrib.auth.models import Permission
 from django.db import models
 from pirates import models as pirates_models
 
@@ -86,6 +87,31 @@ class User(pirates_models.AbstractUser):
 
         return f"{first_name}{self.last_name}"
 
+    def get_all_permissions_ordered(self, obj=None) -> list:
+        #permissions_set = self.get_all_permissions(obj)
+
+        #print(permissions_set)
+
+        permissions = (
+            Permission.
+            objects.
+            filter(
+                models.Q(group__in=self.groups.all()) |
+                models.Q(user=self)
+            ).
+            distinct().
+            all()
+            #Permission.
+            #objects.
+            #filter(codename__in=permissions_set).
+            #order_by("name").
+            #all()
+        )
+
+        print(permissions)
+
+        return permissions
+
     def save(self, *args, saved_by_auth: bool = False, **kwargs):
         if (
             not self._state.adding