diff --git a/app/Http/Middleware/CanCreateResources.php b/app/Http/Middleware/CanCreateResources.php
new file mode 100644
index 000000000..e91118ab0
--- /dev/null
+++ b/app/Http/Middleware/CanCreateResources.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
+use Symfony\Component\HttpFoundation\Response;
+
+class CanCreateResources
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (! Gate::allows('createAnyResource')) {
+            abort(403, 'You do not have permission to create resources.');
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Policies/ApplicationPolicy.php b/app/Policies/ApplicationPolicy.php
index b848a9316..62deb50b1 100644
--- a/app/Policies/ApplicationPolicy.php
+++ b/app/Policies/ApplicationPolicy.php
@@ -99,4 +99,12 @@ class ApplicationPolicy
     {
         return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
     }
+
+    /**
+     * Determine whether the user can cleanup deployment queue.
+     */
+    public function cleanupDeploymentQueue(User $user): bool
+    {
+        return $user->isAdmin();
+    }
 }
diff --git a/app/Policies/EnvironmentPolicy.php b/app/Policies/EnvironmentPolicy.php
new file mode 100644
index 000000000..9fdcb3abe
--- /dev/null
+++ b/app/Policies/EnvironmentPolicy.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Environment;
+use App\Models\User;
+
+class EnvironmentPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Environment $environment): bool
+    {
+        return $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Environment $environment): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Environment $environment): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Environment $environment): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Environment $environment): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
+    }
+}
diff --git a/app/Policies/ProjectPolicy.php b/app/Policies/ProjectPolicy.php
new file mode 100644
index 000000000..27ed159bd
--- /dev/null
+++ b/app/Policies/ProjectPolicy.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Project;
+use App\Models\User;
+
+class ProjectPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Project $project): bool
+    {
+        return $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Project $project): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Project $project): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Project $project): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Project $project): bool
+    {
+        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
+    }
+}
diff --git a/app/Policies/ResourceCreatePolicy.php b/app/Policies/ResourceCreatePolicy.php
new file mode 100644
index 000000000..58f6ba212
--- /dev/null
+++ b/app/Policies/ResourceCreatePolicy.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Application;
+use App\Models\Service;
+use App\Models\StandaloneClickhouse;
+use App\Models\StandaloneDragonfly;
+use App\Models\StandaloneKeydb;
+use App\Models\StandaloneMariadb;
+use App\Models\StandaloneMongodb;
+use App\Models\StandaloneMysql;
+use App\Models\StandalonePostgresql;
+use App\Models\StandaloneRedis;
+use App\Models\User;
+
+class ResourceCreatePolicy
+{
+    /**
+     * List of resource classes that can be created
+     */
+    public const CREATABLE_RESOURCES = [
+        StandalonePostgresql::class,
+        StandaloneRedis::class,
+        StandaloneMongodb::class,
+        StandaloneMysql::class,
+        StandaloneMariadb::class,
+        StandaloneKeydb::class,
+        StandaloneDragonfly::class,
+        StandaloneClickhouse::class,
+        Service::class,
+        Application::class,
+    ];
+
+    /**
+     * Determine whether the user can create any resource.
+     */
+    public function createAny(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can create a specific resource type.
+     */
+    public function create(User $user, string $resourceClass): bool
+    {
+        if (! in_array($resourceClass, self::CREATABLE_RESOURCES)) {
+            return false;
+        }
+
+        return $user->isAdmin();
+    }
+
+    /**
+     * Authorize creation of all supported resource types.
+     */
+    public function authorizeAllResourceCreation(User $user): bool
+    {
+        return $this->createAny($user);
+    }
+}
diff --git a/app/Policies/ServicePolicy.php b/app/Policies/ServicePolicy.php
index b252d3600..c3f1f9a9a 100644
--- a/app/Policies/ServicePolicy.php
+++ b/app/Policies/ServicePolicy.php
@@ -28,7 +28,7 @@ class ServicePolicy
      */
     public function create(User $user): bool
     {
-        return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
+        return $user->isAdmin();
     }
 
     /**
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 3aefca9f2..50d21b724 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -3,7 +3,9 @@
 namespace App\Providers;
 
 // use Illuminate\Support\Facades\Gate;
+use App\Policies\ResourceCreatePolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+use Illuminate\Support\Facades\Gate;
 
 class AuthServiceProvider extends ServiceProvider
 {
@@ -20,6 +22,9 @@ class AuthServiceProvider extends ServiceProvider
         \App\Models\Application::class => \App\Policies\ApplicationPolicy::class,
         \App\Models\ApplicationPreview::class => \App\Policies\ApplicationPreviewPolicy::class,
         \App\Models\ApplicationSetting::class => \App\Policies\ApplicationSettingPolicy::class,
+        \App\Models\Service::class => \App\Policies\ServicePolicy::class,
+        \App\Models\Project::class => \App\Policies\ProjectPolicy::class,
+        \App\Models\Environment::class => \App\Policies\EnvironmentPolicy::class,
         // Database policies - all use the shared DatabasePolicy
         \App\Models\StandalonePostgresql::class => \App\Policies\DatabasePolicy::class,
         \App\Models\StandaloneMysql::class => \App\Policies\DatabasePolicy::class,
@@ -29,6 +34,7 @@ class AuthServiceProvider extends ServiceProvider
         \App\Models\StandaloneKeydb::class => \App\Policies\DatabasePolicy::class,
         \App\Models\StandaloneDragonfly::class => \App\Policies\DatabasePolicy::class,
         \App\Models\StandaloneClickhouse::class => \App\Policies\DatabasePolicy::class,
+
     ];
 
     /**
@@ -36,6 +42,7 @@ class AuthServiceProvider extends ServiceProvider
      */
     public function boot(): void
     {
-        //
+        // Register gates for resource creation policy
+        Gate::define('createAnyResource', [ResourceCreatePolicy::class, 'createAny']);
     }
 }
diff --git a/app/Traits/AuthorizesResourceCreation.php b/app/Traits/AuthorizesResourceCreation.php
new file mode 100644
index 000000000..01ae7c8d9
--- /dev/null
+++ b/app/Traits/AuthorizesResourceCreation.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Traits;
+
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+
+trait AuthorizesResourceCreation
+{
+    use AuthorizesRequests;
+
+    /**
+     * Authorize creation of all supported resources.
+     *
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    protected function authorizeResourceCreation(): void
+    {
+        $this->authorize('createAnyResource');
+    }
+}
diff --git a/routes/web.php b/routes/web.php
index d6e60653c..a8486defa 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -179,8 +179,8 @@ Route::middleware(['auth', 'verified'])->group(function () {
     });
     Route::prefix('project/{project_uuid}/environment/{environment_uuid}')->group(function () {
         Route::get('/', ResourceIndex::class)->name('project.resource.index');
-        Route::get('/clone', ProjectCloneMe::class)->name('project.clone-me');
-        Route::get('/new', ResourceCreate::class)->name('project.resource.create');
+        Route::get('/clone', ProjectCloneMe::class)->name('project.clone-me')->middleware('can.create.resources');
+        Route::get('/new', ResourceCreate::class)->name('project.resource.create')->middleware('can.create.resources');
         Route::get('/edit', EnvironmentEdit::class)->name('project.environment.edit');
     });
     Route::prefix('project/{project_uuid}/environment/{environment_uuid}/application/{application_uuid}')->group(function () {