diff --git a/package-lock.json b/package-lock.json
index 3a316c4..2fb98b6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "add-php-backend",
- "version": "1.5.0",
+ "version": "1.6.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "add-php-backend",
- "version": "1.5.0",
+ "version": "1.6.0",
 "license": "MIT",
 "dependencies": {
 "fs-extra": "^11.2.0",
diff --git a/package.json b/package.json
index 0d53bf3..ac5ea9d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "add-php-backend",
- "version": "1.5.0",
+ "version": "1.6.0",
 "description": "",
 "main": "src/index.js",
 "bin": "src/index.js",
diff --git a/src/templates/public/api.php b/src/templates/public/api.php
index 4d7c29f..d340de4 100644
--- a/src/templates/public/api.php
+++ b/src/templates/public/api.php
@@ -14,20 +14,51 @@ @define('MYSQL_USERNAME', 'root'); @define('MYSQL_PASSWORD', 'root'); +// User ID +session_start(); +define('USERID', isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0); + // Configuration $config = new Config([ // Debug Mode 'debug' => MYSQL_DATABASE === 'development', - // Database + // Database Credentials 'address' => MYSQL_HOST, 'database' => MYSQL_DATABASE, 'username' => MYSQL_USERNAME, 'password' => MYSQL_PASSWORD, // Database Authentication - 'middlewares' => 'dbAuth' + 'middlewares' => 'dbAuth,authorization', + 'dbAuth.mode' => 'optional', + 'dbAuth.registerUser' => '1', + 'dbAuth.returnedColumns' => 'id,username', + 'authorization.tableHandler' => function ($operation, $tableName) { + // Disallow user table for delete operations + if ($operation === 'delete' && $tableName === 'users') { + return false; + } + // No other table limitation + return true; + }, + 'authorization.columnHandler' => function ($operation, $tableName, $columnName) { + // Hide user/password column + if (($operation === 'read' || $operation === 'list') && $tableName === 'users' && $columnName === 'password') { + return false; + } + // No other column limitation + return true; + }, + 'authorization.recordHandler' => function ($operation, $tableName) { + // Limit user records to same user + if ($tableName === 'users' && $operation !== 'create') { + return 'filter=id,eq,' . USERID; + } + // No other record limitation + return true; + } ]);
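Review bot: The three authorization handlers only ever key on `$tableName === 'users'`, so with `'dbAuth.mode' => 'optional'` (which, as I read PHP-CRUD-API's optional mode, still serves requests that never logged in) an anonymous caller — USERID falls back to `0` on the `define` line — can create, update and delete rows in every other table, because both tableHandler and recordHandler fall through to `return true` for any other table. If anonymous access is meant to be read-only, an early guard at the top of tableHandler expresses that: `if (USERID === 0 && $operation !== 'list' && $operation !== 'read') { return false; }`. Either way, a comment on the `'dbAuth.mode'` line such as `// 'optional': unauthenticated requests are still served, with USERID 0, and are governed only by the handlers below` would make the trust boundary explicit to whoever deploys this template, and `'dbAuth.registerUser' => '1'` deserves a similar note that self-registration is open. The `isset(...) ? ... : 0` on the `define` line can be written `$_SESSION['user']['id'] ?? 0`. By the hunk header's line counts this hunk appears to continue past the visible `]);`, so the context after the Config array is not reviewed here.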