diff --git a/castellum/contacts/forms.py b/castellum/contacts/forms.py
index fd6a6e029482c0f02e2dfb73f12e9fb92b791bbe..9a898110ecfb262c804691eb66aca8e7ee963591 100644
--- a/castellum/contacts/forms.py
+++ b/castellum/contacts/forms.py
@@ -83,7 +83,7 @@ class ContactForm(forms.ModelForm):
 ]
 def __init__(self, *args, **kwargs):
- user = kwargs.pop('user')
+ self.user = kwargs.pop('user')
 super().__init__(*args, **kwargs)
 self.address = self.get_address_form(**kwargs)
@@ -93,7 +93,7 @@ class ContactForm(forms.ModelForm):
 elif any([self.instance.get_address(), self.instance.phone_number, self.instance.email]):
 self.fields['guardians_pane'].initial = 'self'
- self.fields['guardians_remove'].choices = self.get_guardians_rm_choices(user)
+ self.fields['guardians_remove'].choices = self.get_guardians_rm_choices(self.user)
 def get_address_form(self, **kwargs):
 address_kwargs = kwargs.copy()
@@ -182,13 +182,14 @@ class ContactForm(forms.ModelForm):
 contact = Contact.objects.get(pk=contact.pk)
 if self.cleaned_data.get('guardians_pane') == 'guardians':
- contact.guardians.remove(*[
- subject.contact for subject in self.cleaned_data.get('guardians_remove', [])
- ])
-
- contact.guardians.add(*[
- subject.contact for subject in self.cleaned_data.get('guardians_add', [])
- ])
+ if self.user.has_perm('subjects.change_subject'):
+ contact.guardians.remove(*[
+ subject.contact for subject in self.cleaned_data.get('guardians_remove', [])
+ ])
+
+ contact.guardians.add(*[
+ subject.contact for subject in self.cleaned_data.get('guardians_add', [])
+ ])
 else:
 contact.guardians.set([])
diff --git a/castellum/contacts/templates/contacts/__guardian_item.html b/castellum/contacts/templates/contacts/__guardian_item.html
index 82fbd160aa4063f5476f9079bad77e2d5e653d4c..77d72184230e69253adb5f0b68e489a24452891f 100644
--- a/castellum/contacts/templates/contacts/__guardian_item.html
+++ b/castellum/contacts/templates/contacts/__guardian_item.html
@@ -1,19 +1,22 @@
 {% load i18n auth %}
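Review bot: In castellum/contacts/forms.py, the `has_perm('subjects.change_subject')` check added in the `@@ -182,13 +182,14 @@` hunk guards only the `guardians` branch; the `else` branch still calls `contact.guardians.set([])` unconditionally, so a user without the permission can apparently still clear every guardian link by submitting any other `guardians_pane` value. If that is not intended, gate that branch as well, for example by replacing `else:` with `elif self.user.has_perm('subjects.change_subject'):`. The new check also discards submitted `guardians_add` and `guardians_remove` values silently; rejecting them during form validation would make a denied change visible to the user and in logs. The enclosing method starts and ends outside the hunk.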
+ {% has_perm 'subjects.view_subject' user as can_view_subject %}
+ {% has_perm 'subjects.change_subject' user as can_change_subject %}
{% translate 'Guardian' %}
{% if name == 'guardians_remove' %} - + {% else %} - + {% endif %}
- {% has_perm 'subjects.view_subject' user as can_view_subject %} {% if slug and can_view_subject %} {% translate 'Details' %} {% endif %} - - + {% if can_change_subject %} + + + {% endif %}
diff --git a/castellum/contacts/templates/contacts/contact_form.html b/castellum/contacts/templates/contacts/contact_form.html index bf47abf0625df22ad8d7d8cfbb1f9c59c33b4502..f77673078c3e986c56d2ee94f0a50c210ea45534 100644 --- a/castellum/contacts/templates/contacts/contact_form.html +++ b/castellum/contacts/templates/contacts/contact_form.html @@ -1,5 +1,5 @@ {% extends view.base_template|default:"subjects/base.html" %} -{% load static i18n bootstrap4 %} +{% load static i18n auth bootstrap4 %} {% block title %} {% if object %} @@ -43,11 +43,14 @@ {% include 'contacts/__guardian_item.html' with name=form.guardians_remove.name pk=widget.data.value label=widget.choice_label slug=widget.choice_label.subject.slug removed=widget.data.selected %} {% endfor %} - {% for subject in form.cleaned_data.guardians_add %} - {% include 'contacts/__guardian_item.html' with name=form.guardians_add.name pk=subject.pk label=subject label=subject.contact.full_name removed=False %} - {% endfor %} + {% has_perm 'subjects.change_subject' user as can_change_subject %} + {% if can_change_subject %} + {% for subject in form.cleaned_data.guardians_add %} + {% include 'contacts/__guardian_item.html' with name=form.guardians_add.name pk=subject.pk label=subject label=subject.contact.full_name removed=False %} + {% endfor %} - + + {% endif %}
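Review bot: In the `@@ -43,11 +43,14 @@` hunk of contact_form.html, the re-indented include passes `label` twice (`label=subject label=subject.contact.full_name`); the first value looks redundant and is presumably overridden by the second, so `label=subject` can be dropped. The `{% if can_change_subject %}` wrapper only hides the add controls, while the actual enforcement is the permission check in `ContactForm` in forms.py. A short template comment such as `{# UI only: the permission is enforced in ContactForm #}` would help keep the two in step.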