diff --git a/aleksis/apps/tezor/rules.py b/aleksis/apps/tezor/rules.py
new file mode 100644
index 0000000000000000000000000000000000000000..3283b77567547f88472b26260846f1224ef734e3
--- /dev/null
+++ b/aleksis/apps/tezor/rules.py
@@ -0,0 +1,72 @@
+import rules
+
+from .models.base import Client
+from .models.invoice import Invoice, InvoiceGroup
+
+from aleksis.core.util.predicates import has_person, has_global_perm, has_any_object
+
+# View clients
+view_clients_predicate = has_person & (
+    has_global_perm("tezor.view_client") | has_any_object("tezor.view_client", Client)
+)
+rules.add_perm("tezor.view_clients_rule", view_clients_predicate)
+
+# View client
+view_client_predicate = has_person & (
+    has_global_perm("tezor.view_client") | has_object_perm("tezor.view_client")
+)
+rules.add_perm("tezor.view_client_rule", view_client_predicate)
+
+# Edit clients
+edit_client_predicate = has_person & (
+    has_global_perm("tezor.edit_client") | has_object_perm("tezor.edit_client")
+)
+rules.add_perm("tezor.edit_client_rule", edit_clients_predicate)
+
+# Create clients
+create_client_predicate = has_person & (
+    has_global_perm("tezor.create_client") | has_any_object("tezor.create_client", Client)
+)
+rules.add_perm("tezor.create_client_rule", create_client_predicate)
+
+# Delete clients
+delete_client_predicate = has_person & (
+    has_global_perm("tezor.delete_client") | has_object_perm("tezor.delete_client")
+)
+rules.add_perm("tezor.delete_client_rule", delete_client_predicate)
+
+# View invoice groups
+view_invoice_groups_predicate = has_person & (
+    has_global_perm("tezor.view_invoice_group") | has_any_object("tezor.view_invoice_group", InvoiceGroup)
+)
+rules.add_perm("tezor.view_invoice_groups_rule", view_invoice_groups_predicate)
+
+# View invoice_group
+view_invoice_group_predicate = has_person & (
+    has_global_perm("tezor.view_invoice_group") | has_object_perm("tezor.view_invoice_group")
+)
+rules.add_perm("tezor.view_invoice_group_rule", view_invoice_group_predicate)
+
+# Edit invoice groups
+edit_invoice_group_predicate = has_person & (
+    has_global_perm("tezor.edit_invoice_group") | has_object_perm("tezor.edit_invoice_group")
+)
+rules.add_perm("tezor.edit_invoice_group_rule", edit_invoice_group_predicate)
+
+# Create invoice groups
+create_invoice_groups_predicate = has_person & (
+    has_global_perm("tezor.create_invoice_group") | has_any_object("tezor.create_invoice_group", InvoiceGroup)
+)
+rules.add_perm("tezor.create_invoice_groups_rule", create_invoice_groups_predicate)
+
+# Delete invoice groups
+delete_invoice_groups_predicate = has_person & (
+    has_global_perm("tezor.delete_invoice_group") | has_any_object("tezor.delete_invoice_group", InvoiceGroup)
+)
+rules.add_perm("tezor.delete_invoice_groups_rule", delete_invoice_groups_predicate)
+
+# View invoice
+view_invoice_predicate = has_person & (
+    has_global_perm("tezor.view_invoice") | has_object_perm("tezor.view_invoice")
+)
+rules.add_perm("tezor.view_invoice_rule", view_invoice_predicate)
diff --git a/aleksis/apps/tezor/views.py b/aleksis/apps/tezor/views.py
index 27939605b54e85cf57ce36abaad31d147e8132da..04a87cd641643b58cba1e1ff6a5015ec7c89846a 100644
--- a/aleksis/apps/tezor/views.py
+++ b/aleksis/apps/tezor/views.py
@@ -37,7 +37,7 @@ class ClientListView(PermissionRequiredMixin, SingleTableView):
 
     model = Client
     table_class = ClientsTable
-    permission_required = "tezor.view_clients"
+    permission_required = "tezor.view_clients_rule"
     template_name = "tezor/client/list.html"
 
 
@@ -47,7 +47,7 @@ class ClientCreateView(PermissionRequiredMixin, AdvancedCreateView):
 
     model = Client
     form_class = EditClientForm
-    permission_required = "tezor.add_clients"
+    permission_required = "tezor.create_client_rule"
     template_name = "tezor/client/create.html"
     success_url = reverse_lazy("clients")
     success_message = _("The client has been created.")
@@ -59,7 +59,7 @@ class ClientEditView(PermissionRequiredMixin, AdvancedEditView):
 
     model = Client
     form_class = EditClientForm
-    permission_required = "tezor.edit_clients"
+    permission_required = "tezor.edit_client_rule"
     template_name = "tezor/client/edit.html"
     success_url = reverse_lazy("clients")
     success_message = _("The client has been saved.")
@@ -69,7 +69,7 @@ class ClientDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
     """Delete view for client."""
 
     model = Client
-    permission_required = "tezor.delete_client"
+    permission_required = "tezor.delete_client_rule"
     template_name = "core/pages/delete.html"
     success_url = reverse_lazy("clients")
     success_message = _("The client has been deleted.")
@@ -78,7 +78,7 @@ class ClientDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
 class ClientDetailView(PermissionRequiredMixin, DetailView):
 
     model = Client
-    permission_required = "tezor.view_client"
+    permission_required = "tezor.view_client_rule"
     template_name = "tezor/client/full.html"
 
     def get_context_data(self, object):
@@ -94,7 +94,7 @@ class ClientDetailView(PermissionRequiredMixin, DetailView):
 class InvoiceGroupDetailView(PermissionRequiredMixin, DetailView):
 
     model = InvoiceGroup
-    permission_required = "tezor.view_invoice_group"
+    permission_required = "tezor.view_invoice_group_rule"
     template_name = "tezor/invoice_group/full.html"
 
     def get_context_data(self, object):
@@ -114,7 +114,7 @@ class InvoiceGroupCreateView(PermissionRequiredMixin, AdvancedCreateView):
 
     model = InvoiceGroup
     form_class = EditInvoiceGroupForm
-    permission_required = "tezor.add_invoice_groups"
+    permission_required = "tezor.create_invoice_groups_rule"
     template_name = "tezor/invoice_group/create.html"
     success_url = reverse_lazy("clients")
     success_message = _("The invoice_group has been created.")
@@ -132,7 +132,7 @@ class InvoiceGroupEditView(PermissionRequiredMixin, AdvancedEditView):
 
     model = InvoiceGroup
     form_class = EditInvoiceGroupForm
-    permission_required = "tezor.edit_invoice_groups"
+    permission_required = "tezor.edit_invoice_group_rule"
     template_name = "tezor/invoice_group/edit.html"
     success_url = reverse_lazy("invoice_groups")
     success_message = _("The invoice_group has been saved.")
@@ -142,7 +142,7 @@ class InvoiceGroupDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
     """Delete view for invoice_group."""
 
     model = InvoiceGroup
-    permission_required = "tezor.delete_invoice_group"
+    permission_required = "tezor.delete_invoice_group_rule"
     template_name = "core/pages/delete.html"
     success_url = reverse_lazy("invoice_groups")
     success_message = _("The invoice_group has been deleted.")
@@ -151,5 +151,5 @@ class InvoiceGroupDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
 class InvoiceDetailView(PermissionRequiredMixin, DetailView):
 
     model = Invoice
-    permission_required = "tezor.view_invoice"
+    permission_required = "tezor.view_invoice_rule"
     template_name = "tezor/invoice/full.html"