diff --git a/app/delivery/middleware/auth.go b/app/delivery/middleware/auth.go
index 454c350..011e8b1 100644
--- a/app/delivery/middleware/auth.go
+++ b/app/delivery/middleware/auth.go
@@ -7,6 +7,7 @@ import (
 "time"
 "git.ma-al.com/goc_daniel/b2b/app/config"
+"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
 "git.ma-al.com/goc_daniel/b2b/app/model"
 "git.ma-al.com/goc_daniel/b2b/app/service/authService"
 constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
@@ -68,7 +69,7 @@ func Authenticate() fiber.Handler {
 }
 // We now populate the target user
-if model.CustomerRole(user.Role.Name) != model.RoleAdmin {
+if !userLocale.OriginalUser.HasPermission(perms.Teleport) {
 return c.Next()
 }
diff --git a/app/delivery/middleware/perms/permissions.go b/app/delivery/middleware/perms/permissions.go
index 35183f3..9516650 100644
--- a/app/delivery/middleware/perms/permissions.go
+++ b/app/delivery/middleware/perms/permissions.go
@@ -14,4 +14,5 @@ const (
 SearchCreateIndex Permission = "search.create_index"
 OrdersViewAll Permission = "orders.view_all"
 OrdersModifyAll Permission = "orders.modify_all"
+Teleport Permission = "teleport"
 )
diff --git a/app/delivery/web/api/restricted/customer.go b/app/delivery/web/api/restricted/customer.go
index b458bdc..6608892 100644
--- a/app/delivery/web/api/restricted/customer.go
+++ b/app/delivery/web/api/restricted/customer.go
@@ -31,7 +31,7 @@ func CustomerHandlerRoutes(r fiber.Router) fiber.Router {
 handler := NewCustomerHandler()
 r.Get("", handler.customerData)
-r.Get("/list", handler.listCustomers)
+r.Get("/list", middleware.Require(perms.UserReadAny), handler.listCustomers)
 r.Patch("/no-vat", middleware.Require(perms.UserWriteAny), handler.setCustomerNoVatStatus)
 return r
 }
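Review bot: The teleport gate now keys off `userLocale.OriginalUser` instead of the `user` the removed line inspected, and nothing in the hunk shows that `OriginalUser` is non-nil at this point; if it is a pointer that can still be unset when the target user is about to be populated, `HasPermission` is called on nil. Guard it explicitly, `if userLocale.OriginalUser == nil || !userLocale.OriginalUser.HasPermission(perms.Teleport) {`, so an incomplete context falls through to `c.Next()` rather than panicking (inferred, since the type of OriginalUser is not visible here). Replacing the RoleAdmin comparison with a permission also widens who may act as another user to every role holding `teleport`, which the seed migration in this commit grants to roles 2 and 3; that deserves a one-line comment above the check and an audit log entry at the point where the impersonation actually takes effect. Authenticate begins and ends outside the hunk.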
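Review bot: `Teleport` is the only constant in this block whose value carries no namespace (`"teleport"` next to `"orders.view_all"` and `"search.create_index"`), and nothing says what holding it allows. Add a doc comment, e.g. `// Teleport lets the holder act on behalf of another customer (checked in middleware.Authenticate).`, and consider a namespaced value such as `"customer.teleport"` before it is seeded into production; the seed row in 20260302163123_create_tables_data.sql would have to change with it.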
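Review bot: `middleware.Require(perms.UserReadAny)` on the `/list` registration is now the only authorization for listCustomers, because the two listCustomers hunks in this commit remove the in-handler checks, and nothing in the handler records that it relies on the route; a later registration of `handler.listCustomers` without the middleware would expose the full customer list silently. Add a comment on the handler, e.g. `// listCustomers performs no authorization itself; the route must be wrapped in middleware.Require(perms.UserReadAny).`, and a route-level test asserting that GET /list without the permission returns 403. `customerData` on the bare `""` route stays unguarded, presumably because it serves the caller's own record, which is worth confirming. CustomerHandlerRoutes is fully inside the hunk; listCustomers is not.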
@@ -77,10 +77,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
 JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
 }
-if !user.HasPermission(perms.UserReadAny) {
-return fc.Status(fiber.StatusForbidden).
-JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-}
 p, filt, err := query_params.ParseFilters[model.Customer](fc, columnMappingListUsers)
 if err != nil {
@@ -89,12 +85,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 }
 search := fc.Query("search")
-if search != "" {
-if !user.HasPermission(perms.UserReadAny) {
-return fc.Status(fiber.StatusForbidden).
-JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-}
-}
 customer, err := h.service.Find(user.LangID, p, filt, search)
 if err != nil {
diff --git a/app/repos/customerRepo/customerRepo.go b/app/repos/customerRepo/customerRepo.go
index c45e35c..8cc11a4 100644
--- a/app/repos/customerRepo/customerRepo.go
+++ b/app/repos/customerRepo/customerRepo.go
@@ -1,6 +1,7 @@
 package customerRepo
 import (
+"fmt"
 "strings"
 "git.ma-al.com/goc_daniel/b2b/app/db"
@@ -81,13 +82,16 @@ func (repo *CustomerRepo) Find(langId uint, p find.Paging, filt *filters.Filters
 for _, word := range words {
 conditions = append(conditions, `
-(LOWER(first_name) LIKE ? OR
+(
+id = ? OR
+LOWER(first_name) LIKE ? OR
 LOWER(last_name) LIKE ? OR
 LOWER(email) LIKE ?)
 `)
+args = append(args, strings.ToLower(word))
 for range 3 {
-args = append(args, "%"+strings.ToLower(word)+"%")
+args = append(args, fmt.Sprintf("%%%s%%", strings.ToLower(word)))
 }
 }
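Review bot: The new `id = ?` predicate is bound to the lower-cased search term for every word, so a non-numeric term is compared against an integer column and the database's string-to-number coercion decides the outcome (on MySQL `'12abc'` compares equal to id 12, and the cast can also keep the id index from being used; hedged, since the driver is not visible here). Add the id comparison only when the word parses as an integer and bind the parsed value rather than the string, as below; this needs `strconv` imported and lets the new `fmt` import go, because `fmt.Sprintf("%%%s%%", …)` is a less direct way to write the `"%"+…+"%"` concatenation it replaced. `%` and `_` inside a term are still interpreted by LIKE, which predates this change but deserves a comment on the loop. Find begins outside the hunk.
```go
for _, word := range words {
	term := strings.ToLower(word)
	// Compare against the integer id only when the term actually is one;
	// otherwise the database would coerce the string and match by accident.
	if id, err := strconv.ParseUint(word, 10, 64); err == nil {
		conditions = append(conditions, `
			(id = ? OR
			LOWER(first_name) LIKE ? OR
			LOWER(last_name) LIKE ? OR
			LOWER(email) LIKE ?)
		`)
		args = append(args, id)
	} else {
		conditions = append(conditions, `
			(LOWER(first_name) LIKE ? OR
			LOWER(last_name) LIKE ? OR
			LOWER(email) LIKE ?)
		`)
	}
	like := "%" + term + "%"
	for range 3 {
		args = append(args, like)
	}
}
// … unchanged: joining conditions and running the query …
```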
@@ -115,88 +119,3 @@ func (repo *CustomerRepo) Create(customer *model.Customer) error {
 func (repo *CustomerRepo) SetCustomerNoVatStatus(customerID uint, isNoVat bool) error {
 return db.DB.Model(&model.Customer{}).Where("id = ?", customerID).Update("is_no_vat", isNoVat).Error
 }
-
-// func (repo *CustomerRepo) Search(
-// customerId uint,
-// partnerCode string,
-// p find.Paging,
-// filt *filters.FiltersList,
-// search string,
-// ) (found find.Found[model.UserInList], err error) {
-// words := strings.Fields(search)
-// if len(words) > 5 {
-// words = words[:5]
-// }
-
-// query := ctx.DB().
-// Model(&model.Customer{}).
-// Select("customer.id AS id, customer.first_name as first_name, customer.last_name as last_name, customer.phone_number AS phone_number, customer.email AS email, count(distinct investment_plan_contract.id) as iiplan_purchases, count(distinct `order`.id) as single_purchases, entity.name as entity_name").
-// Where("customer.id <> ?", customerId).
-// Where("(customer.id IN (SELECT id FROM customer WHERE partner_code IN (WITH RECURSIVE partners AS (SELECT code AS dst FROM partner WHERE code = ? UNION SELECT code FROM partner JOIN partners ON partners.dst = partner.superior_code) SELECT dst FROM partners)) OR customer.recommender_code = ?)", partnerCode, partnerCode).
-// Scopes(view.CustomerListQuery())
-
-// var conditions []string
-// var args []interface{}
-// for _, word := range words {
-
-// conditions = append(conditions, `
-// (LOWER(first_name) LIKE ? OR
-// LOWER(last_name) LIKE ? OR
-// phone_number LIKE ? OR
-// LOWER(email) LIKE ?)
-// `)
-
-// for i := 0; i < 4; i++ {
-// args = append(args, "%"+strings.ToLower(word)+"%")
-// }
-// }
-
-// finalQuery := strings.Join(conditions, " AND ")
-
-// query = query.Where(finalQuery, args...).
-// Scopes(filt.All()...)
-
-// found, err = find.Paginate[V](ctx, p, query)
-
-// return found, errs.Recorded(span, err)
-// }
-
-// func (repo *ListRepo) ListUsers(id_lang uint, p find.Paging, filt *filters.FiltersList) (find.Found[model.UserInList], error) {
-// var list []model.UserInList
-// var total int64
-
-// query := db.Get().
-// Table("b2b_customers AS users").
-// Select(`
-// users.id AS id,
-// users.email AS email,
-// users.first_name AS first_name,
-// users.last_name AS last_name,
-// users.role AS role
-// `)
-
-// // Apply all filters
-// if filt != nil {
-// filt.ApplyAll(query)
-// }
-
-// // run counter first as query is without limit and offset
-// err := query.Count(&total).Error
-// if err != nil {
-// return find.Found[model.UserInList]{}, err
-// }
-
-// err = query.
-// Order("users.id DESC").
-// Limit(p.Limit()).
-// Offset(p.Offset()).
-// Find(&list).Error
-// if err != nil {
-// return find.Found[model.UserInList]{}, err
-// }
-
-// return find.Found[model.UserInList]{
-// Items: list,
-// Count: uint(total),
-// }, nil
-// }
diff --git a/i18n/migrations/20260302163100_routes.sql b/i18n/migrations/20260302163100_routes.sql
index f7992e1..22051cf 100644
--- a/i18n/migrations/20260302163100_routes.sql
+++ b/i18n/migrations/20260302163100_routes.sql
@@ -42,12 +42,6 @@ INSERT IGNORE INTO `b2b_top_menu` (`menu_id`, `label`, `parent_id`, `params`, `a
 (3, JSON_COMPACT('{"name":"admin-products","trans":{"pl":{"label":"admin-products"},"en":{"label":"admin-products"},"de":{"label":"admin-products"}}}'),1,JSON_COMPACT('{}'),1,1),
 (9, JSON_COMPACT('{"name":"carts","trans":{"pl":{"label":"Koszyki"},"en":{"label":"Carts"},"de":{"label":"Warenkörbe"}}}'),3,JSON_COMPACT('{"route": {"name": "home", "params":{"locale": ""}}}'),1,1);
-CREATE TABLE `b2b_route_roles` (
-`route_id` INT NOT NULL,
-`role_id` BIGINT UNSIGNED NOT NULL,
-PRIMARY KEY (`id`, `role_id`)
-);
-
 -- +goose Down
diff --git a/i18n/migrations/20260302163123_create_tables_data.sql b/i18n/migrations/20260302163123_create_tables_data.sql
index bb9b449..27d10b0 100644
--- a/i18n/migrations/20260302163123_create_tables_data.sql
+++ b/i18n/migrations/20260302163123_create_tables_data.sql
@@ -40,6 +40,9 @@ INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('6', 'webdav.create_token')
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('7', 'product_translation.save');
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('8', 'product_translation.translate');
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('9', 'search.create_index');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('10', 'orders.view_all');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('11', 'orders.modify_all');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('12', 'teleport');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '1');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '2');
@@ -50,6 +53,9 @@ INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '6'
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '7');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '8');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '9');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '10');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '11');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '12');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '1');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '2');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '3');
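Review bot: Permission 12 ('teleport') is granted to role 2 in the second hunk and to role 3 in the following hunk, which turns the single RoleAdmin comparison that the auth.go hunk removes into two whole roles allowed to act as other users; confirm that role 3 is meant to impersonate, and add a comment on the `('12', 'teleport')` row stating what it unlocks. Editing 20260302163123_create_tables_data.sql rather than adding a new migration means any environment where this migration has already been applied will never receive rows 10–12 (inferred from the goose layout; a fresh timestamped migration would be the safer carrier). Permissions 10 and 11 already exist as `OrdersViewAll` and `OrdersModifyAll` constants in permissions.go, so their absence from the seed data until now is itself worth a sentence in the commit message.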
@@ -59,6 +65,9 @@ INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '6'
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '7');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '8');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '9');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '10');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '11');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '12');
 INSERT INTO `b2b_route_roles` (`route_id`, `role_id`) VALUES (1, '1'),
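Review bot: The trailing context line still inserts into `b2b_route_roles`, yet the routes.sql hunk in this commit removes the only visible `CREATE TABLE` for that table, and 20260302163100_routes.sql runs before this file by timestamp; unless the table is now created in a migration not shown here, this INSERT fails on a fresh database. The removed definition declared `PRIMARY KEY (id, role_id)` over a column it did not have, which is presumably why it was dropped, so the fix is a corrected definition in routes.sql, e.g. `PRIMARY KEY (route_id, role_id)`, rather than no table at all. The VALUES list this line opens continues past the hunk.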