diff --git a/app/controllers/concerns/sample_actions.rb b/app/controllers/concerns/sample_actions.rb
index 3631511ab..5b97544eb 100644
--- a/app/controllers/concerns/sample_actions.rb
+++ b/app/controllers/concerns/sample_actions.rb
@@ -11,7 +11,7 @@ module SampleActions
 params[:sample_ids].each do |id|
 sample = Sample.find_by_id(id)
- if sample
+ if sample && can_update_or_delete_sample?(sample)
 sample.destroy
 counter_user += 1
 else
@@ -45,8 +45,6 @@ module SampleActions
 end
 def check_destroy_samples_permissions
- unless can_manage_sample?(@project.team)
- render_403
- end
+ render_403 unless can_manage_samples?(@project.team)
 end
 end
diff --git a/app/controllers/samples_controller.rb b/app/controllers/samples_controller.rb
index ab3afacce..2026b495c 100644
--- a/app/controllers/samples_controller.rb
+++ b/app/controllers/samples_controller.rb
@@ -6,7 +6,9 @@ class SamplesController < ApplicationController
 before_action :load_vars, only: [:edit, :update, :destroy, :show]
 before_action :load_vars_nested, only: [:new, :create]
- before_action :check_manage_permissions, exept: :show
+ before_action :check_create_permissions, only: %i(new create)
+ before_action :check_update_and_delete_permissions,
+ only: %i(edit update destroy)
 def new
 respond_to do |format|
@@ -305,8 +307,12 @@ class SamplesController < ApplicationController
 end
 end
- def check_manage_permissions
- render_403 unless can_manage_sample?(@team)
+ def check_create_permissions
+ render_403 unless can_manage_samples?(@team)
+ end
+
+ def check_update_and_delete_permissions
+ render_403 unless can_update_or_delete_sample?(@sample)
 end
 def sample_params
diff --git a/app/controllers/teams_controller.rb b/app/controllers/teams_controller.rb
index 7b72d3c77..ac6501879 100644
--- a/app/controllers/teams_controller.rb
+++ b/app/controllers/teams_controller.rb
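Review bot: The added per-sample check authorizes against `sample.team` (per the new Sample permission in this change) while the request was admitted by `check_destroy_samples_permissions` against `@project.team`, so a user who is a member of two teams can delete samples of team B through a project of team A simply by passing their ids; if the bulk destroy is meant to be project-scoped, tighten the condition to `if sample && sample.team == @project.team && can_update_or_delete_sample?(sample)`. Separately, `params[:sample_ids].each` raises NoMethodError (a 500) when the parameter is absent or arrives as a single string instead of an array; `Array(params[:sample_ids]).each do |id|` covers both, unless a guard earlier in the method already does. Each id now costs a Sample lookup plus whatever `sample.team` and the membership check behind `can_manage_samples?` query, which is fine for small batches but worth a one-line comment. The enclosing method begins before this hunk and its `else` branch continues past it.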
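Review bot: `show` now runs with no permission filter in this hunk — consistent with the intent of the removed `exept: :show` (the misspelled key means the old exemption may never have applied), but no read-level check for show is visible here, so confirm that `load_vars` or another filter verifies the current user may view `@sample`'s team before this merges. The new filters also depend on declaration order: `check_update_and_delete_permissions` reads `@sample`, which exists only because `load_vars` is declared above it; a comment such as `# must run after load_vars, which sets @sample` would protect that against a later reordering. As a style point, the `only:` lists in the same block now mix `[:edit, :update, :destroy, :show]` with `%i(new create)`; pick one form.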
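Review bot: `check_update_and_delete_permissions` hands `@sample` straight to `can_update_or_delete_sample?`, whose block (app/permissions/team.rb in this same change) calls `sample.team`; if `load_vars` can leave `@sample` nil for an unknown id rather than halting the request, that is a NoMethodError and a 500 instead of a 403/404. Unless load_vars already renders on a missing record, guard it explicitly, e.g. `render_403 unless @sample && can_update_or_delete_sample?(@sample)` (or the controller's 404 helper if it has one). Authorizing against the sample's own team rather than the request-scoped `@team` is the substantive fix here; a comment on the method, `# authorize against the sample's own team, not the team supplied with the request`, would record why the create and update/delete helpers differ.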
@@ -249,7 +249,7 @@ class TeamsController < ApplicationController
 end
 def check_create_sample_permissions
- unless can_manage_sample?(@team)
+ unless can_manage_samples?(@team)
 render_403
 end
 end
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index ef9a3500e..c4f4c9019 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -27,8 +27,8 @@ Canaid::Permissions.register_for(Team) do
 user.is_normal_user_or_admin_of_team?(team)
 end
- # create, import, edit, delete sample
- can :manage_sample do |user, team|
+ # create, import, edit, delete samples
+ can :manage_samples do |user, team|
 user.is_normal_user_or_admin_of_team?(team)
 end
@@ -81,3 +81,10 @@ Canaid::Permissions.register_for(Protocol) do
 can_read_protocol_in_repository?(user, protocol)
 end
 end
+
+Canaid::Permissions.register_for(Sample) do
+ # edit, delete specific sample
+ can :update_or_delete_sample do |user, sample|
+ can_manage_samples?(user, sample.team)
+ end
+end
diff --git a/app/views/shared/_samples.html.erb b/app/views/shared/_samples.html.erb
index 38b904e08..7977c2eec 100644
--- a/app/views/shared/_samples.html.erb
+++ b/app/views/shared/_samples.html.erb
@@ -21,7 +21,7 @@ data-module-id="<%= @my_module.id %>" <% end %>>
- <% if can_manage_sample?(@team) %>
+ <% if can_manage_samples?(@team) %>
- <% if can_manage_sample?(@team) %>
+ <% if can_manage_samples?(@team) %>
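Review bot: The new `update_or_delete_sample` permission grants every normal user or admin of the sample's team full edit/delete rights over every sample in that team — it delegates to `can_manage_samples?`, which in the hunk above is just `is_normal_user_or_admin_of_team?` — with no ownership or creator condition, yet the comment `# edit, delete specific sample` reads as if something object-specific were checked; say what it really is: `# edit, delete a specific sample: any normal user/admin of the sample's team, regardless of who created it`. The block also dereferences `sample.team` unguarded, so a nil sample or a sample without a team raises instead of denying; `sample && sample.team ? can_manage_samples?(user, sample.team) : false` makes the permission fail closed. Canaid may already reject a nil subject before the block runs — I cannot tell that from this diff.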