diff --git a/lib/NGCP/Panel/Controller/API/SpeedDials.pm b/lib/NGCP/Panel/Controller/API/SpeedDials.pm
index 355a1efbb2..a8f96bfbaf 100644
--- a/lib/NGCP/Panel/Controller/API/SpeedDials.pm
+++ b/lib/NGCP/Panel/Controller/API/SpeedDials.pm
@@ -63,7 +63,7 @@ __PACKAGE__->config(
 action => {
 map { $_ => {
 ACLDetachTo => '/api/root/invalid_user',
- AllowedRole => [qw/admin reseller/],
+ AllowedRole => [qw/admin reseller subscriberadmin/],
 Args => 0,
 Does => [qw(ACL CheckTrailingSlash RequireSSL)],
 Method => $_,
diff --git a/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm b/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm
index beb40ab5a6..969f4be8a8 100644
--- a/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm
@@ -42,7 +42,7 @@ __PACKAGE__->config(
 action => {
 (map { $_ => {
 ACLDetachTo => '/api/root/invalid_user',
- AllowedRole => [qw/admin reseller/],
+ AllowedRole => [qw/admin reseller subscriberadmin/],
 Args => 1,
 Does => [qw(ACL RequireSSL)],
 Method => $_,
@@ -50,7 +50,7 @@ __PACKAGE__->config(
 } } @{ __PACKAGE__->allowed_methods }),
 @{ __PACKAGE__->get_journal_action_config(__PACKAGE__->resource_name,{
 ACLDetachTo => '/api/root/invalid_user',
- AllowedRole => [qw/admin reseller/],
+ AllowedRole => [qw/admin reseller subscriberadmin/],
 Does => [qw(ACL RequireSSL)],
 }) }
 },
diff --git a/lib/NGCP/Panel/Role/API/SpeedDials.pm b/lib/NGCP/Panel/Role/API/SpeedDials.pm
index d89e3a7855..2f22d40eb6 100644
--- a/lib/NGCP/Panel/Role/API/SpeedDials.pm
+++ b/lib/NGCP/Panel/Role/API/SpeedDials.pm
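Review bot: Widening `AllowedRole` to `subscriberadmin` in all three hunks (the collection config here, and both the item and journal action configs in SpeedDialsItem.pm) makes the per-role scoping in the Role's `_item_rs` the only thing separating one customer's speed dials from another's, so every one of these entry points must resolve the target subscriber through that resultset rather than by a direct lookup on the id in the URL. The journal actions are produced by `get_journal_action_config`, whose item lookup is not visible in this diff; it is worth confirming that it also goes through `_item_rs` before the role is enabled there. The same three-role list now appears three times across the two controllers, so a single `my @speeddial_roles = qw(admin reseller subscriberadmin);` referenced from each config in a file would keep the item, collection and journal ACLs from drifting apart on the next change.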
@@ -65,13 +65,20 @@ sub _item_rs { my $item_rs; $item_rs = $c->model('DB')->resultset('voip_subscribers') ->search({ 'me.status' => { '!=' => 'terminated' } }); - if($c->user->roles eq "admin") { - } elsif($c->user->roles eq "reseller") { + if ($c->user->roles eq "admin") { + } elsif ($c->user->roles eq "reseller") { $item_rs = $item_rs->search({ 'contact.reseller_id' => $c->user->reseller_id, }, { join => { 'contract' => 'contact' }, }); + } elsif ($c->user->roles eq "subscriberadmin") { + $item_rs = $item_rs->search({ + 'contract.id' => $c->user->account_id, + }, { + join => 'contract', + }); + # TODO should be filtered for subscribers whose profile allows speed_dial? } return $item_rs; @@ -92,6 +99,18 @@ sub update_item { my $prov_subs = $billing_subs->provisioning_voip_subscriber; my $speeddials_rs = $prov_subs->voip_speed_dials; + if ($prov_subs && $prov_subs->voip_subscriber_profile) { + my @allowed_attrs = $prov_subs->voip_subscriber_profile->profile_attributes->get_column('attribute_id')->all; + my $found = $c->model('DB')->resultset('voip_preferences')->search_rs({ + 'me.id' => { '-in' => \@allowed_attrs }, + 'attribute' => 'speed_dial', + })->first; + unless ($found) { + $self->error($c, HTTP_FORBIDDEN, "This user is not allowed to modify speeddials."); + return; + } + } + if (ref $resource->{speeddials} ne "ARRAY") { $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid field 'speeddials'. Must be an array."); return;
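Review bot: The role chain in `_item_rs` still has no `else`, so any authenticated role that is not admin, reseller or subscriberadmin gets the unscoped `voip_subscribers` resultset back; today only the `AllowedRole` lists in the controllers prevent that, and this very commit shows how easily those lists change. A deny-by-default branch such as `} else { return $item_rs->search(\'0 = 1'); }` (or a `die`, whichever the other API roles in this tree use) keeps the tenant scoping from resting on controller config alone. The new `subscriberadmin` branch scopes on `contract.id` equal to `$c->user->account_id`, which appears to be the intended customer boundary, but the `TODO` beside it means reads are not yet limited to subscribers whose profile allows speed dials while `update_item` below now enforces that on writes, so the two sides of the API disagree until the TODO is resolved. The empty `admin` branch would read more clearly with a comment such as `# admin: no scoping, sees every non-terminated subscriber`.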
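Review bot: The `$prov_subs &&` guard on the new `if` in `update_item` can never be false, because `$prov_subs->voip_speed_dials` on the preceding context line has already dereferenced it; if a billing subscriber without a provisioning record can reach this point the method dies there with an unhandled error instead of returning an API response. Either move `my $speeddials_rs = $prov_subs->voip_speed_dials;` below the new block or add an explicit `unless ($prov_subs) { ... return; }` ahead of it. The profile check is applied regardless of the caller's role, so an admin or reseller editing a subscriber whose profile lacks `speed_dial` is now refused with HTTP_FORBIDDEN where the previous code let them through; if that tightening is intended it deserves a comment, otherwise the check should be gated on `$c->user->roles eq "subscriberadmin"`. Subscribers with no profile at all skip the check entirely, which presumably mirrors how profiles are treated elsewhere in the panel, but that is worth confirming. `update_item` begins before and continues past this hunk.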