diff --git a/addons/default/visiosoft/advs-module/src/AdvsModuleServiceProvider.php b/addons/default/visiosoft/advs-module/src/AdvsModuleServiceProvider.php
index d73c8d622..8b96de2d9 100644
--- a/addons/default/visiosoft/advs-module/src/AdvsModuleServiceProvider.php
+++ b/addons/default/visiosoft/advs-module/src/AdvsModuleServiceProvider.php
@@ -219,8 +219,14 @@ class AdvsModuleServiceProvider extends AddonServiceProvider
             'uses' => 'Visiosoft\AdvsModule\Http\Controller\OptionConfigurationController@create',
         ],
 
-        'advs/configuration/ajax/create' => 'Visiosoft\AdvsModule\Http\Controller\OptionConfigurationController@ajaxCreate',
-        'advs/configuration/ajax/delete' => 'Visiosoft\AdvsModule\Http\Controller\OptionConfigurationController@ajaxDelete',
+        'advs/configuration/ajax/create' => [
+            'middleware' => 'auth',
+            'uses' => 'Visiosoft\AdvsModule\Http\Controller\OptionConfigurationController@ajaxCreate'
+        ],
+        'advs/configuration/ajax/delete' => [
+            'middleware' => 'auth',
+            'uses' => 'Visiosoft\AdvsModule\Http\Controller\OptionConfigurationController@ajaxDelete'
+        ],
 
         'conf/addCart' => [
             'as' => 'configuration::add_cart',
diff --git a/addons/default/visiosoft/advs-module/src/OptionConfiguration/OptionConfigurationRepository.php b/addons/default/visiosoft/advs-module/src/OptionConfiguration/OptionConfigurationRepository.php
index 72b7406e7..b5b842cbc 100644
--- a/addons/default/visiosoft/advs-module/src/OptionConfiguration/OptionConfigurationRepository.php
+++ b/addons/default/visiosoft/advs-module/src/OptionConfiguration/OptionConfigurationRepository.php
@@ -1,5 +1,6 @@
 <?php namespace Visiosoft\AdvsModule\OptionConfiguration;
 
+use Illuminate\Support\Facades\Auth;
 use Visiosoft\AdvsModule\Adv\Contract\AdvRepositoryInterface;
 use Visiosoft\AdvsModule\OptionConfiguration\Contract\OptionConfigurationRepositoryInterface;
 use Anomaly\Streams\Platform\Entry\EntryRepository;
@@ -93,7 +94,14 @@ class OptionConfigurationRepository extends EntryRepository implements OptionCon
         return $this->newQuery()->where('parent_adv_id', $adID)->delete();
     }
 
-    public function deleteConfig($id){
-        return $this->newQuery()->find($id)->delete();
+    public function deleteConfig($id)
+    {
+        if ($conf = ($this->newQuery()->find($id))) {
+            if ($conf->created_by_id === Auth::user()->getAuthIdentifier()) {
+                return $conf->delete();
+            }
+            return response()->json(['status' => 'error'], 403);
+        }
+        return response()->json(['status' => 'error'], 404);
     }
 }