diff --git a/Marco.Pms.Services/Controllers/DirectoryController.cs b/Marco.Pms.Services/Controllers/DirectoryController.cs
index fcd82a7..de262fb 100644
--- a/Marco.Pms.Services/Controllers/DirectoryController.cs
+++ b/Marco.Pms.Services/Controllers/DirectoryController.cs
@@ -39,12 +39,17 @@ namespace Marco.Pms.Services.Controllers
             {
                 return Ok(response);
             }
+            else if (response.StatusCode == 401)
+            {
+                return Unauthorized(response);
+            }
             else
             {
                 return BadRequest(response);
             }
 
         }
+
         [HttpGet("contact-bucket/{bucketId}")]
         public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId)
         {
diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
index 7fd68f0..318a2f7 100644
--- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs
+++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
@@ -1357,9 +1357,29 @@ namespace Marco.Pms.Services.Helpers
         {
             Guid tenantId = _userHelper.GetTenantId();
             var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
+            var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
             List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
             List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
-            List<Guid> filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
+            if (permissionIds.Contains(directoryAdmin))
+            {
+                var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
+                bucketIds = buckets.Select(b => b.Id).ToList();
+            }
+            else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+            {
+                var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
+                var createdBucketIds = buckets.Select(b => b.Id).ToList();
+                bucketIds.AddRange(createdBucketIds);
+                bucketIds = bucketIds.Distinct().ToList();
+            }
+            else
+            {
+                _logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id);
+                return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
+            }
+
+            List<Guid> filterbucketIds = bucketIds;
             if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0)
             {
                 filterbucketIds = filterDto.BucketIds;