diff --git a/invenio.cfg b/invenio.cfg index 7222a548..797fa918 100644 --- a/invenio.cfg +++ b/invenio.cfg @@ -39,7 +39,7 @@ from invenio_communities.communities.services import facets as community_facets from zenodo_rdm.custom_fields import CUSTOM_FIELDS_UI, CUSTOM_FIELDS, CUSTOM_FIELDS_FACETS, NAMESPACES from zenodo_rdm.views import frontpage_view_function -from zenodo_rdm.permissions import ZenodoRDMRecordPermissionPolicy +from zenodo_rdm.permissions import ZenodoCommunityPermissionPolicy, ZenodoRDMRecordPermissionPolicy from zenodo_rdm.api import ZenodoRDMRecord, ZenodoRDMDraft from zenodo_rdm.legacy.resources import record_serializers from zenodo_rdm.tokens import RATSubjectSchema @@ -490,6 +490,8 @@ COMMUNITIES_ALLOW_RESTRICTED = False COMMUNITIES_OAI_SETS_PREFIX = "user-" +COMMUNITIES_PERMISSION_POLICY = ZenodoCommunityPermissionPolicy + # Citations # ============== ZENODO_RECORDS_UI_CITATIONS_ENABLE = True @@ -498,4 +500,4 @@ ZENODO_RECORDS_UI_CITATIONS_ENABLE = True # Zenodo-RDM specific configs OPENAIRE_PORTAL_URL = 'https://explore.openaire.eu' -"""URL to OpenAIRE portal.""" \ No newline at end of file +"""URL to OpenAIRE portal.""" diff --git a/site/zenodo_rdm/permissions.py b/site/zenodo_rdm/permissions.py index 32af5890..1f3c856b 100644 --- a/site/zenodo_rdm/permissions.py +++ b/site/zenodo_rdm/permissions.py @@ -5,8 +5,9 @@ # Zenodo is free software; you can redistribute it and/or modify # it under the terms of the MIT License; see LICENSE file for more details. -"""Zenodo legacy permissions.""" +"""Zenodo permissions.""" +from invenio_communities.permissions import CommunityPermissionPolicy from invenio_rdm_records.services.generators import ( AccessGrant, IfDeleted, 
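Review bot: In invenio.cfg, hunk `@@ -490,6 +490,8 @@`, the new `COMMUNITIES_PERMISSION_POLICY` line replaces the permission policy used for communities but has no explanation, unlike `OPENAIRE_PORTAL_URL` further down, which is followed by a docstring. Going by the permissions.py part of this commit, the new class overrides only `can_moderate` and inherits everything else from `CommunityPermissionPolicy`; stating that here helps anyone auditing access rules later. I would add directly below the assignment `"""Community permission policy: the upstream policy plus a can_moderate permission for user managers and system processes."""`.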
@@ -22,6 +23,7 @@ ) from invenio_rdm_records.services.permissions import RDMRecordPermissionPolicy from invenio_records_permissions.generators import Disable, IfConfig, SystemProcess +from invenio_users_resources.services.permissions import UserManager from .generators import ( IfFilesRestrictedForCommunity, @@ -201,3 +203,19 @@ class ZenodoRDMRecordPermissionPolicy(RDMRecordPermissionPolicy): # it was simpler and less coupling to implement this as permission check IfFileIsLocal(then_=can_read, else_=[SystemProcess()]) ] + + can_moderate = [ + # moderators + UserManager, + SystemProcess(), + ] + + +class ZenodoCommunityPermissionPolicy(CommunityPermissionPolicy): + """Permissions for Community CRUD operations.""" + + can_moderate = [ + # moderators + UserManager, + SystemProcess(), + ]
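Review bot: In the last hunk of site/zenodo_rdm/permissions.py, both new `can_moderate` lists name `UserManager` bare while `SystemProcess()` next to it is instantiated, and the only comment is `# moderators`. Policy lists hold generator instances, so this is correct only if `UserManager` is already a module-level instance in invenio_users_resources; that is presumably the case, but it is not visible in this diff and should be confirmed. Since this ties moderation of both records and communities to the user-management role, once confirmed I would replace the comment with `# UserManager is a ready-made generator instance (user-management role); it gates moderation actions`. The same list is added to both `ZenodoRDMRecordPermissionPolicy` (whose body starts outside the hunk) and `ZenodoCommunityPermissionPolicy`, so a shared module-level constant would keep the two from drifting apart.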