diff --git a/server/AyaNova/ControllerHelpers/Authorized.cs b/server/AyaNova/ControllerHelpers/Authorized.cs
index 14108cef..a9945336 100644
--- a/server/AyaNova/ControllerHelpers/Authorized.cs
+++ b/server/AyaNova/ControllerHelpers/Authorized.cs
@@ -11,7 +11,7 @@ namespace AyaNova.Api.ControllerHelpers
{
///
- /// User has any ops role limited or full
+ /// User has any role limited or full
///
///
///
@@ -19,6 +19,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool HasAnyRole(IDictionary HttpContextItems, AuthorizationRoles CheckRoles)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
+ return HasAnyRole(currentUserRoles, CheckRoles);
+ }
+
+ ///
+ /// User has any role limited or full
+ ///
+ ///
+ ///
+ ///
+ internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
+ {
if (currentUserRoles.HasAnyFlags(CheckRoles))
return true;
return false;
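Review bot: The new `HasAnyRole(AuthorizationRoles, AuthorizationRoles)` overload no longer derives roles from the request context, so correctness now rests on every caller passing a role set resolved server-side for the authenticated user (as the context overload does via `UserRolesFromContext.Roles`) and never one assembled from client-supplied data; the summary should state that, e.g. `/// currentUserRoles must be the role set resolved for the authenticated user (see the HttpContextItems overload), never built from request data.` The same applies to the role-taking overloads of IsAuthorizedToReadFullRecord, IsAuthorizedToCreate, IsAuthorizedToModify and IsAuthorizedToDelete added later in this file. As a style point, the `if (...) return true; return false;` tail reduces to `return currentUserRoles.HasAnyFlags(CheckRoles);`, and `CheckRoles` would conventionally be camelCase like `currentUserRoles`.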
@@ -35,7 +46,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool IsAuthorizedToReadFullRecord(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
+ return IsAuthorizedToReadFullRecord(currentUserRoles, objectType);
+ }
+ ///
+ /// READ FULL RECORD (not just name and id)
+ ///
+ ///
+ ///
+ ///
+ internal static bool IsAuthorizedToReadFullRecord(AuthorizationRoles currentUserRoles, AyaType objectType)
+ {
//NOTE: this assumes that if you can change you can read
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
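Review bot: The wrapper's closing `}` is immediately followed by the `///` block of the new overload with no separating blank line, while the Create, Modify and Delete hunks in this file do separate the two members; add a blank line after the `}` for consistency. The `//NOTE: this assumes that if you can change you can read` comment is the only place that rule is recorded, and since callers now reach this logic directly through the role-taking overload it belongs in the overload's summary as well, e.g. `/// Change rights imply read rights: a user holding Change for the type is granted full read without a separate read-role check.` The overload's body continues past the end of the hunk.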
@@ -44,10 +65,10 @@ namespace AyaNova.Api.ControllerHelpers
return true;
return false;
-
-
}
+
+
///
/// CREATE
///
@@ -57,6 +78,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool IsAuthorizedToCreate(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
+ return IsAuthorizedToCreate(currentUserRoles, objectType);
+ }
+
+ ///
+ /// CREATE
+ ///
+ ///
+ ///
+ ///
+ internal static bool IsAuthorizedToCreate(AuthorizationRoles currentUserRoles, AyaType objectType)
+ {
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
@@ -67,6 +99,9 @@ namespace AyaNova.Api.ControllerHelpers
}
+
+
+
///
/// MODIFY
///
@@ -78,9 +113,23 @@ namespace AyaNova.Api.ControllerHelpers
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
+ return IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
+ }
+
+ ///
+ /// MODIFY
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ internal static bool IsAuthorizedToModify(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = -1)
+ {
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
+
if (ownerId != -1)
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
return true;
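Review bot: The brace-less nested `if (ownerId != -1)` / `if (... EditOwn ... && ownerId == currentUserId)` pair on the last lines of the hunk is easy to misread and evaluates `BizRoles.GetRoleSet(objectType)` a second time; a hoisted role set and one guarded condition is clearer: `var roleSet = BizRoles.GetRoleSet(objectType);` then `if (currentUserRoles.HasAnyFlags(roleSet.Change)) return true;` and `if (ownerId != -1 && ownerId == currentUserId && currentUserRoles.HasAnyFlags(roleSet.EditOwn)) return true;`. The `-1` "no owner supplied" sentinel is a magic number that also appears as the `ownerId = -1` default on the signature; a `private const long NoOwner = -1;` used in both places would keep them from drifting (the Delete overload later in this file already defaults to a different value). The method body continues past the hunk.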
@@ -103,7 +152,21 @@ namespace AyaNova.Api.ControllerHelpers
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
+ return IsAuthorizedToDelete(currentUserRoles, currentUserId, objectType, ownerId);
+ }
+
+ ///
+ /// DELETE
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ //For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
+ internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = 1)
+ {
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
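Review bot: The new `IsAuthorizedToDelete` overload defaults `ownerId` to `1`, whereas the `IsAuthorizedToModify` overload it is described as mirroring defaults to `-1` and treats `-1` as "no owner supplied" (`if (ownerId != -1)`). If this body applies the same sentinel check (it continues past the hunk), a direct caller that omits `ownerId` skips the "no owner" guard and, for a user whose id happens to be 1, the EditOwn comparison `ownerId == currentUserId` would grant delete on an object they do not own; if the intent was to disable the owner path, `1` is not the right value for that either. Change the signature to `internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = -1)`. The context-taking wrapper forwards its own `ownerId`, so only callers of the new overload are affected, which is worth a test pinning that an omitted owner never grants delete via EditOwn.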
diff --git a/server/AyaNova/biz/Search.cs b/server/AyaNova/biz/Search.cs
index 16d1de6c..24065fb9 100644
--- a/server/AyaNova/biz/Search.cs
+++ b/server/AyaNova/biz/Search.cs
@@ -98,7 +98,7 @@ namespace AyaNova.Biz
}
- //Class to hold search result
+ //Class to hold search result returned to client
public class SearchResult
{
public string Name { get; set; }
@@ -106,10 +106,19 @@ namespace AyaNova.Biz
public long Id { get; set; }
}
+ // //Class to hold temporary matches during processing
+ // public class MatchingObject
+ // {
+ // public bool NameMatch { get; set; }
+ // public bool TagMatch { get; set; }
+ // public AyaTypeId TypeAndId { get; set; }
+ // }
- public static async Task> DoSearch(AyContext ct, long localeId, SearchRequestParameters searchParameters)
+
+
+ public static async Task> DoSearch(AyContext ct, long localeId, AuthorizationRoles currentUserRoles, SearchRequestParameters searchParameters)
{
List ResultList = new List();
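Review bot: The commented-out `MatchingObject` class is dead code committed to the file; delete it, or if it is planned work leave a one-line TODO rather than the source. The new `currentUserRoles` parameter on `DoSearch` moves the authorization input to the caller, so the method should document that it expects the role set resolved for the authenticated user (what `UserRolesFromContext.Roles` produces) and not anything derived from the request, e.g. `/// <param name="currentUserRoles">Role set of the authenticated user, resolved server-side; used to drop results the user may not read.</param>`. The method body continues beyond the hunk.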
@@ -289,9 +298,18 @@ namespace AyaNova.Biz
}
//REMOVE ANY ITEMS THAT USER IS NOT PERMITTED TO READ
- foreach (AyaTypeId t in MatchingObjects)
+ //If it's a name only search then all is allowed
+ //If it's not a name only search then rights need to be checked for full read because even if it's just a tags search that's part of the full record of the object
+ if (!searchParameters.NameOnly)
{
+ foreach (AyaTypeId t in MatchingObjects)
+ {
+ if (AyaNova.Api.ControllerHelpers.Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType))
+ {
+ }
+
+ }
}
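Review bot: The authorization check inside the `if (!searchParameters.NameOnly)` loop discards its result: `if (Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType)) { }` has an empty body, so despite the `//REMOVE ANY ITEMS THAT USER IS NOT PERMITTED TO READ` comment nothing is removed and every matching object is still returned to the client. If `MatchingObjects` is a `List<AyaTypeId>` (its declaration is outside the hunk), the loop can become `MatchingObjects.RemoveAll(t => !AyaNova.Api.ControllerHelpers.Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType));`, which also avoids mutating the collection while enumerating it; otherwise collect the permitted items into a new list and replace the original. The name-only branch deliberately skips the check per the comment, so it is worth confirming that returning name and id for every object type is acceptable for users without read rights on that type, and recording that decision in the comment. `DoSearch` continues outside the hunk.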