diff --git a/app/controllers/custom_fields_controller.rb b/app/controllers/custom_fields_controller.rb
index fc7fbe541..923e1b020 100644
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -3,7 +3,8 @@ class CustomFieldsController < ApplicationController
 before_action :load_vars, except: :create
 before_action :load_vars_nested, only: [:create, :destroy_html]
- before_action :check_permissions
+ before_action :check_create_permissions, only: :create
+ before_action :check_update_and_delete_permissions, except: :create
 def create
 @custom_field = CustomField.new(custom_field_params)
@@ -103,10 +104,14 @@ class CustomFieldsController < ApplicationController
 render_404 unless @team
 end
- def check_permissions
+ def check_create_permissions
 render_403 unless can_manage_sample_elements?(@team)
 end
+ def check_update_and_delete_permissions
+ render_403 unless can_update_or_delete_custom_field?(@custom_field)
+ end
+
 def custom_field_params
 params.require(:custom_field).permit(:name)
 end
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index c4f4c9019..e9757d892 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -32,7 +32,8 @@ Canaid::Permissions.register_for(Team) do
 user.is_normal_user_or_admin_of_team?(team)
 end
- # create, update, delete custom field, sample type and sample group
+ # create custom field
+ # create, update, delete sample type or sample group
 can :manage_sample_elements do |user, team|
 user.is_normal_user_or_admin_of_team?(team)
 end
@@ -88,3 +89,10 @@ Canaid::Permissions.register_for(Sample) do
 can_manage_samples?(user, sample.team)
 end
 end
+
+Canaid::Permissions.register_for(CustomField) do
+ # update, delete custom field
+ can :update_or_delete_custom_field do |user, custom_field|
+ can_manage_sample_elements?(user, custom_field.team)
+ end
+end
diff --git a/app/views/shared/_samples.html.erb b/app/views/shared/_samples.html.erb
index 7977c2eec..e4ecdb346 100644
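Review bot: The two new `before_action` lines silently depend on the loaders declared above them: `check_create_permissions` reads `@team`, set by `load_vars_nested`, while `check_update_and_delete_permissions` reads `@custom_field`, whose assignment is not in this hunk and is presumably done by `load_vars` for every non-create action. Because the CustomField permission added in `app/permissions/team.rb` in this same commit resolves the team from `custom_field.team`, the update/delete check is authorized against the record's own team rather than the `@team` taken from the URL, which is the stronger property and easy to lose in a later "simplification". I would record both facts above the filters: `# Order matters: the loaders above set @team/@custom_field for these checks.` and `# Create is authorized against the URL team; all other actions against @custom_field's own team (permissions/team.rb).` If `load_vars` does not halt with a 404 on a missing record, `can_update_or_delete_custom_field?(nil)` is what gets evaluated, so that loader's behavior is worth confirming.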
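Review bot: `check_update_and_delete_permissions` is wired with `except: :create`, so it guards every non-create action of the controller (`destroy_html` and any edit/index/show actions outside this hunk), not only update and destroy as its name suggests, and a reader adding a read-only action later may not expect a 403 from it. Either name it after its actual scope, e.g. `check_manage_permissions`, or document the scope with `# Runs for every action except create; expects load_vars to have set @custom_field.` above the `def`. The `render_404 unless @team` / `end` pair at the top of the hunk closes a method whose `def` is outside the hunk.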
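Review bot: The new `update_or_delete_custom_field` block in `app/permissions/team.rb` returns whatever `can_manage_sample_elements?(user, custom_field.team)` returns, so if a custom field can ever exist without a team the block forwards `nil` into `is_normal_user_or_admin_of_team?`, and nothing in the hunk shows how that helper treats a nil team. Making the deny explicit avoids depending on it: `team = custom_field.team` / `next false unless team` / `can_manage_sample_elements?(user, team)`. Deriving the team from the record instead of a caller-supplied team mirrors the `Sample` registration just above it and is the convention worth keeping, since it ties the decision to the record's owner rather than to whatever team id appeared in the request.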
--- a/app/views/shared/_samples.html.erb
+++ b/app/views/shared/_samples.html.erb
@@ -148,8 +148,8 @@
 <% all_custom_fields.each do |cf| %>
- <%= 'data-deletable' if can_manage_sample_elements?(@team) %>
+ <%= 'data-editable' if can_update_or_delete_custom_field?(cf) %>
+ <%= 'data-deletable' if can_update_or_delete_custom_field?(cf) %>
 <%= "data-edit-url='#{edit_team_custom_field_path(@team, cf)}'" %>
 <%= "data-update-url='#{team_custom_field_path(@team, cf)}'" %>
 <%= "data-destroy-html-url='#{team_custom_field_destroy_html_path(@team, cf)}'" %>