diff --git a/aircox/conf.py b/aircox/conf.py
index c54f8be..c66bd8d 100755
--- a/aircox/conf.py
+++ b/aircox/conf.py
@@ -86,8 +86,8 @@ class Settings(BaseSettings):
             # TODO include content_type in order to avoid clash with potential
             #      extra applications
             # aircox
-            "change_program",
-            "change_episode",
+            "view_program",
+            "view_episode",
             "change_diffusion",
             "add_comment",
             "change_comment",
diff --git a/aircox/tests/conftest.py b/aircox/tests/conftest.py
index caf5564..a02a67f 100644
--- a/aircox/tests/conftest.py
+++ b/aircox/tests/conftest.py
@@ -157,3 +157,8 @@ def tracks(episode, sound):
     items += [baker.prepare(models.Track, sound=sound, position=i, timestamp=i * 60) for i in range(0, 3)]
     models.Track.objects.bulk_create(items)
     return items
+
+
+@pytest.fixture
+def user():
+    return User.objects.create_user(username="user1", password="bar")
diff --git a/aircox/tests/test_permissions.py b/aircox/tests/test_permissions.py
new file mode 100644
index 0000000..54bf67a
--- /dev/null
+++ b/aircox/tests/test_permissions.py
@@ -0,0 +1,14 @@
+import pytest
+
+
+@pytest.mark.django_db()
+def test_no_admin(user, client):
+    client.force_login(user)
+    response = client.get("/admin/")
+    assert response.status_code != 200
+
+
+@pytest.mark.django_db()
+def test_user_cannot_change_program_or_episode(user, client, program):
+    assert not user.has_perm("aircox.change_program")
+    assert not user.has_perm("aircox.change_episode")