I have a live web application that allows users to manage multi-currency bank accounts. Right now those currency records are fully editable, but I need to lock them down: once a currency is created, ordinary users must no longer be able to change, overwrite, or delete it through the UI or any exposed endpoint. Administrators should still keep their current level of control; only the regular user role needs to be limited. You will review the existing codebase, implement the necessary permission checks and UI adjustments, and confirm that the restriction cannot be bypassed through API calls or direct requests. There is no rush on my side, so you can work methodically and schedule the delivery at a pace that suits you—as long as the final result is rock-solid. Deliverables: • Updated source code and any migration scripts • Clear explanation of where and how the restriction was implemented • Short test plan or demo video proving users can no longer edit currencies If you need additional information about the current tech stack or access protocols, let me know and I’ll provide it right away.