diff --git a/global_business/business/lib/access_controller.rb b/global_business/business/lib/access_controller.rb
index 6cfa09db3..6a98b3f11 100644
--- a/global_business/business/lib/access_controller.rb
+++ b/global_business/business/lib/access_controller.rb
@@ -1,11 +1,23 @@
 class AccessController
 def self.authorize(user, resource)
- if user.admin?
- true
- elsif user.role == resource.role
- true
- else
- false
- end
+ return false unless user.present? && resource.present?
+ return false unless user.roles.include?(resource.role)
+
+ # Verify permissions using a secure algorithm
+ permission_token = generate_permission_token(user, resource)
+ verify_permission_token(permission_token)
+ end
+
+ private
+
+ def self.generate_permission_token(user, resource)
+ # Generate a permission token using a secure algorithm
+ OpenSSL::HMAC.hexdigest('sha256', Rails.application.secrets.secret_key_base, "#{user.id}#{resource.id}")
+ end
+
+ def self.verify_permission_token(permission_token)
+ # Verify the permission token using a secure algorithm
+ signature = OpenSSL::HMAC.hexdigest('sha256', Rails.application.secrets.secret_key_base, permission_token)
+ signature == permission_token
 end
 end
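Review bot: `verify_permission_token` can never succeed: it recomputes an HMAC over the token string itself and compares the digest to that same string, so after the roles check `authorize` returns false for every caller. The HMAC round-trip also decides nothing on its own — the token is a deterministic function of two ids the method already holds — so the real authorization decision is the `user.roles.include?(resource.role)` line; the method body could simply end with `user.roles.include?(resource.role)` and the two helpers be dropped (if a signed token must be kept, verify it by recomputing `generate_permission_token(user, resource)` and comparing with `ActiveSupport::SecurityUtils.secure_compare` rather than `==`). Separately, `private` has no effect on `def self.` methods, so both helpers stay callable from outside the class; `private_class_method :generate_permission_token, :verify_permission_token` is what is needed. The old `user.admin?` short-circuit is gone, which is a behaviour change worth confirming in the description if admins were meant to keep blanket access. `"#{user.id}#{resource.id}"` is also ambiguous (ids 1/23 and 12/3 concatenate identically), so join with a separator if the token survives.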