diff --git a/ci4/app/Config/RBAC/permissionMatrix.php b/ci4/app/Config/RBAC/permissionMatrix.php
index 0eea467b..7199995c 100644
--- a/ci4/app/Config/RBAC/permissionMatrix.php
+++ b/ci4/app/Config/RBAC/permissionMatrix.php
@@ -21,10 +21,6 @@ const SK_PERMISSION_MATRIX = [
 "presupuesto-cliente.edit",
 "presupuesto-cliente.delete",
 "presupuesto-cliente.menu",
- "tarifa-preimpresion.create",
- "tarifa-preimpresion.edit",
- "tarifa-preimpresion.delete",
- "tarifa-preimpresion.menu",
 "tarifa-manipulado.create",
 "tarifa-manipulado.edit",
 "tarifa-manipulado.delete",
diff --git a/ci4/app/Config/RBAC/roles.json b/ci4/app/Config/RBAC/roles.json
new file mode 100644
index 00000000..a95d9582
--- /dev/null
+++ b/ci4/app/Config/RBAC/roles.json
@@ -0,0 +1,22 @@
+{
+ "superadmin": {
+ "title": "Super Admin",
+ "description": "Complete control of the site."
+ },
+ "admin": {
+ "title": "Admin",
+ "description": "Day to day administrators of the site."
+ },
+ "developer": {
+ "title": "Developer",
+ "description": "Site programmers."
+ },
+ "user": {
+ "title": "User",
+ "description": "General users of the site. Often customers."
+ },
+ "beta": {
+ "title": "Beta User",
+ "description": "Has access to beta-level features."
+ }
+}
\ No newline at end of file
diff --git a/ci4/app/Controllers/BaseResourceController.php b/ci4/app/Controllers/BaseResourceController.php
index f20fc524..68c0d9d3 100644
--- a/ci4/app/Controllers/BaseResourceController.php
+++ b/ci4/app/Controllers/BaseResourceController.php
@@ -43,23 +43,23 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr */ protected static $pluralObjectName; - /** + /** * Path for the views directory for the extending view controller - * - * @var string + * + * @var string */ protected static $viewPath; - + /** * JJO: Variable para indicar si el controlador hace soft_delete o no - * + * * @var bool */ public $soft_delete = false; /** * JJO: Variable quiƩn puede ver los registros borrados - * + * * 0 -> Not Deleted * 1 -> Soft Deleted, shows up in lists of deleted items for management users * 2 -> Soft Deleted, does not show up for any user except admin users @@ -123,13 +123,36 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr $this->viewData['usingSweetAlert'] = true; $this->viewData['viewPath'] = static::$viewPath; - + $this->viewData['currentLocale'] = $this->request->getLocale(); /* IMN */ $this->viewData['alertStyle'] = $this->alertStyle; } + protected function checkPermission($sectionPermission, $redirectRoute = NULL) + { + // TODO ojo, con no redirigir al indexRoute, que se crea bucle!!! + if (!auth()->user()->can($sectionPermission)) { + $this->session->setFlashdata('errorMessage', "No tiene permisos de acceso"); + if (is_null($redirectRoute)) { + return $this->response->redirect(route_to('home')); + } else { + return $this->response->redirect(route_to($redirectRoute)); + } + } + } + + protected function checkPermissionAJAX($sectionPermission) + { + + if (!auth()->user()->can($sectionPermission)) { + return $this->fail('Error'); + } + + } + + /** * Convenience method to display the form of a module * @param $forMethod 
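Review bot: `checkPermission()` only denies access if the caller returns its result, and every call site this commit adds (Tarifasencuadernacion::add/edit, Tarifasenvios::index/add/edit, Tarifasmanipulado::index) discards it — `parent::checkPermission('tarifa-envio.menu');` sets the flash message and builds the redirect, then the action body keeps executing, so a user without the permission still runs the handler (including the POST branch of add()/edit() that persists data) and at best gets a redirect attached afterwards; `checkPermissionAJAX()` has the same problem, its `$this->fail('Error')` is lost unless returned. Either make the callers write `if ($denied = parent::checkPermission('tarifa-envio.create', $this->indexRoute)) { return $denied; }`, or turn the helpers into guards that cannot be ignored (throw instead of return). `auth()->user()` is presumably null for an unauthenticated request, in which case `->can()` errors out rather than denying — guard that explicitly. Neither helper has a docblock; the return contract (response when denied, null when allowed, caller must return it) needs to be stated, as below.
```php
    /**
     * Verifies that the logged-in user holds $sectionPermission.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface|null  redirect response when denied, null when allowed.
     *         Callers MUST `return` a non-null result, otherwise the action keeps executing.
     */
    protected function checkPermission($sectionPermission, $redirectRoute = null)
    {
        $user = auth()->user();
        if ($user !== null && $user->can($sectionPermission)) {
            return null;
        }
        $this->session->setFlashdata('errorMessage', "No tiene permisos de acceso");
        // TODO ojo, con no redirigir al indexRoute, que se crea bucle!!!
        return $this->response->redirect(route_to($redirectRoute ?? 'home'));
    }

    /**
     * AJAX variant: failure response when denied, null when allowed (same return contract as above).
     */
    protected function checkPermissionAJAX($sectionPermission)
    {
        $user = auth()->user();
        if ($user !== null && $user->can($sectionPermission)) {
            return null;
        }
        return $this->fail('Error');
    }
```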
@@ -159,7 +182,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } if (!isset($this->viewData['formAction'])) { - $this->viewData['formAction'] = base_url(strtolower($this->viewData['currentModule']) . '/' . $formActionSuffix . '/' . $action ); + $this->viewData['formAction'] = base_url(strtolower($this->viewData['currentModule']) . '/' . $formActionSuffix . '/' . $action); } if ((!isset($this->viewData['boxTitle']) || empty($this->viewData['boxTitle'])) && isset(static::$singularObjectName) && !empty(static::$singularObjectName)) { @@ -223,29 +246,28 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr public function delete($id = null) { if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) { - $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc).'.'.static::$singularObjectNameCc)); + $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc) . '.' . static::$singularObjectNameCc)); } else { $objName = lang('Basic.global.record'); } - - if (!$this->soft_delete){ + + if (!$this->soft_delete) { if (!$this->model->delete($id)) { return $this->failNotFound(lang('Basic.global.deleteError', [$objName])); } - } - else{ + } else { $datetime = (new \CodeIgniter\I18n\Time("now")); - $rawResult = $this->model->where('id',$id) - ->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'), - 'is_deleted' => $this->delete_flag]) + $rawResult = $this->model->where('id', $id) + ->set(['deleted_at' => $datetime->format('Y-m-d H:i:s'), + 'is_deleted' => $this->delete_flag]) ->update(); if (!$rawResult) { return $this->failNotFound(lang('Basic.global.deleteError', [$objName])); } } - + // $message = lang('Basic.global.deleteSuccess', [$objName]); IMN commented $message = lang('Basic.global.deleteSuccess', [lang('Basic.global.record')]); $response = $this->respondDeleted(['id' => $id, 'msg' => $message]); 
@@ -261,20 +283,18 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr protected function canValidate($customValidationRules = null, $customValidationMessages = null) { - if($customValidationRules == null){ + if ($customValidationRules == null) { $validationRules = $this->model->validationRules ?? $this->formValidationRules ?? null; - } - else{ + } else { $validationRules = $customValidationRules; } if ($validationRules == null) { return true; } - if($customValidationMessages == null){ - $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;; - } - else{ + if ($customValidationMessages == null) { + $validationErrorMessages = $this->model->validationMessages ?? $this->formValidationErrorMessagess ?? null;; + } else { $validationErrorMessages = $customValidationMessages; } @@ -283,7 +303,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } else { $valid = $this->validate($validationRules); } - + $this->validationErrors = $valid ? '' : $this->validator->getErrors(); /* @@ -303,7 +323,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * @param array|null $postData * @return array */ - protected function sanitized(array $postData = null, bool $nullIfEmpty = false) { + protected function sanitized(array $postData = null, bool $nullIfEmpty = false) + { if ($postData == null) { $postData = $this->request->getPost(); } @@ -317,7 +338,7 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr } return $sanitizedData; } - + /** * Custom fail method needed when CSRF token regeneration is on in security settings * @param string|array $messages 
@@ -326,15 +347,15 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * @param string $customMessage * @return mixed */ - protected function failWithNewToken($messages, int $status = 400, string $code = null, string $customMessage = '') { + protected function failWithNewToken($messages, int $status = 400, string $code = null, string $customMessage = '') + { - if (! is_array($messages)) - { + if (!is_array($messages)) { $messages = ['error' => $messages]; } $response = [ - 'status' => $status, - 'error' => $status, + 'status' => $status, + 'error' => $status, 'messages' => $messages, csrf_token() => csrf_hash() ]; @@ -360,7 +381,8 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr * Convenience method for common exception handling * @param \Exception $e */ - protected function dealWithException(\Exception $e) { + protected function dealWithException(\Exception $e) + { // using another try / catch block to prevent to avoid CodeIgniter bug throwing trivial exceptions for querying DB errors try { $query = $this->model->db->getLastQuery(); 
@@ -368,16 +390,16 @@ abstract class BaseResourceController extends \CodeIgniter\RESTful\ResourceContr
 $dbError = $this->model->db->error();
 $userFriendlyErrMsg = lang('Basic.global.persistErr1', [static::$singularObjectNameCc]);
 if (isset($dbError['code']) && $dbError['code'] == 1062) :
- $userFriendlyErrMsg .= PHP_EOL.lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]);
+ $userFriendlyErrMsg .= PHP_EOL . lang('Basic.global.persistDuplErr', [static::$singularObjectNameCc]);
 endif;
 // $userFriendlyErrMsg = str_replace("'", "\'", $userFriendlyErrMsg); // Uncomment if experiencing unescaped single quote errors
- log_message('error', $userFriendlyErrMsg.PHP_EOL.$e->getMessage().PHP_EOL.$queryStr);
+ log_message('error', $userFriendlyErrMsg . PHP_EOL . $e->getMessage() . PHP_EOL . $queryStr);
 if (isset($dbError['message']) && !empty($dbError['message'])) :
- log_message('error', $dbError['code'].' : '.$dbError['message']);
+ log_message('error', $dbError['code'] . ' : ' . $dbError['message']);
 endif;
 $this->viewData['errorMessage'] = $userFriendlyErrMsg;
 } catch (\Exception $e2) {
- log_message('debug', 'You can probably safely ignore this: In attempt to check DB errors, CodeIgniter threw: '.PHP_EOL.$e2->getMessage());
+ log_message('debug', 'You can probably safely ignore this: In attempt to check DB errors, CodeIgniter threw: ' . PHP_EOL . $e2->getMessage());
 }
 }
 }
\ No newline at end of file
diff --git a/ci4/app/Controllers/Tarifas/Tarifaimpresion.php b/ci4/app/Controllers/Tarifas/Tarifaimpresion.php
deleted file mode 100755
index 4423b12e..00000000
--- a/ci4/app/Controllers/Tarifas/Tarifaimpresion.php
+++ /dev/null
@@ -1,35 +0,0 @@
- static::$controllerSlug,
@@ -73,8 +75,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController
 public function add() {
-
-
+ parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute);
 if ($this->request->getPost()) :
@@ -157,6 +158,7 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController
 public function edit($requestedId = null) {
+ parent::checkPermission('tarifa-encuadernacion.create', $this->indexRoute);
 if ($requestedId == null) :
 return $this->redirect2listView();
@@ -248,6 +250,12 @@ class Tarifasencuadernacion extends \App\Controllers\BaseResourceController
 return $this->displayForm(__METHOD__, $id);
 } // end function edit(...)
+ /*public function delete($id =null){
+ if (!auth()->user()->can('tarifa-encuadernacion.delete')) {
+ return $this->fail('No tiene permisos');
+ }
+ parent::delete($id);
+ }*/
 public function datatable() {
diff --git a/ci4/app/Controllers/Tarifas/Tarifasenvios.php b/ci4/app/Controllers/Tarifas/Tarifasenvios.php
index 9bbb02a1..1d239b40 100755
--- a/ci4/app/Controllers/Tarifas/Tarifasenvios.php
+++ b/ci4/app/Controllers/Tarifas/Tarifasenvios.php
@@ -55,7 +55,10 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController {
 public function index() {
-
+
+ // Check if the user is allowed to list items
+ parent::checkPermission('tarifa-envio.menu');
+
 $viewData = [
 'currentModule' => static::$controllerSlug,
 'pageSubTitle' => lang('Basic.global.ManageAllRecords', [lang('TarifasEnvios.tarifaEnvio')]),
@@ -71,9 +74,8 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController {
 public function add() {
-
-
+ parent::checkPermission('tarifa-envio.create', $this->indexRoute);
 if ($this->request->getPost()) :
@@ -142,6 +144,8 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController {
 public function edit($requestedId = null) {
+ parent::checkPermission('tarifa-envio.edit', $this->indexRoute);
+
 if ($requestedId == null) :
 return $this->redirect2listView();
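Review bot: `edit()` checks `tarifa-encuadernacion.create` where the other controllers in this commit gate editing on the `.edit` permission (`Tarifasenvios::edit` uses `tarifa-envio.edit`), so a user granted only create rights can open the edit form and one granted only edit rights is turned away — this looks like a copy-paste from `add()`. Change the line to `parent::checkPermission('tarifa-encuadernacion.edit', $this->indexRoute);`, assuming the permission matrix defines the encuadernación group like the other tarifa-* groups. The call's result is also discarded here, so the check does not stop the handler unless its return value is returned. edit()'s body continues outside the hunk.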
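Review bot: The commented-out `delete()` override leaves this controller's delete action without any permission check — it inherits `BaseResourceController::delete()`, which has none — while `Tarifasenvios::delete()` in the same commit does gate on its `.delete` permission. Either implement the override or remove the dead block rather than committing it; note the commented version would also drop the parent's response, so the working form is `if (!auth()->user()->can('tarifa-encuadernacion.delete')) { return $this->failForbidden('No tiene permisos'); }` followed by `return parent::delete($id);`. `failForbidden()` answers 403, which tells the AJAX caller this was an authorization failure rather than the generic 400 that `fail()` produces.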
@@ -227,6 +231,10 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController {
 // JJO
 public function delete($id = null) {
+ if (!auth()->user()->can('tarifa-envio.delete')) {
+ return $this->fail('Error');
+ }
+
 if (!empty(static::$pluralObjectNameCc) && !empty(static::$singularObjectNameCc)) {
 $objName = mb_strtolower(lang(ucfirst(static::$pluralObjectNameCc).'.'.static::$singularObjectNameCc));
 } else {
@@ -242,7 +250,6 @@ class Tarifasenvios extends \App\Controllers\BaseResourceController {
 else{
 $datetime = (new \CodeIgniter\I18n\Time("now"));
-
 $zonaModel = new TarifaEnvioZonaModel();
 $zonaResult = $zonaModel->removeAllZonasLineas($id, $datetime, $this->delete_flag);
diff --git a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
index 7528ebf4..f590a476 100755
--- a/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
+++ b/ci4/app/Controllers/Tarifas/Tarifasmanipulado.php
@@ -51,6 +51,8 @@ class Tarifasmanipulado extends \App\Controllers\BaseResourceController
 public function index() {
+ // Check if the user is allowed to list items
+ parent::checkPermission('tarifa-manipulado.menu');
 $viewData = [
 'currentModule' => static::$controllerSlug,
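Review bot: The denial in `delete()` returns `$this->fail('Error')`, an HTTP 400 with a message that says nothing about authorization; `ResourceController` provides `failForbidden()`, which answers 403 and lets the DataTable/AJAX caller tell a permissions failure from a malformed request: `return $this->failForbidden('No tiene permisos de acceso');`. The inline check also duplicates the `checkPermissionAJAX()` helper this commit adds to the base controller; reusing it (and returning its result) keeps message and status consistent across controllers. `auth()->user()` being null for an anonymous caller would raise an error instead of a denial — presumably the auth filter prevents that, but it is worth confirming. delete()'s body continues outside the hunk.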