diff --git a/api/analysis.go b/api/analysis.go
index dc8a4a14..61090555 100644
--- a/api/analysis.go
+++ b/api/analysis.go
@@ -54,23 +54,24 @@ type AnalysisHandler struct {
 //
 // AddRoutes adds routes.
 func (h AnalysisHandler) AddRoutes(e *gin.Engine) {
+	// Primary
 	routeGroup := e.Group("/")
-	routeGroup.Use(Required("application"))
-	//
+	routeGroup.Use(Required("analyses"))
 	routeGroup.GET(AnalysisRoot, h.Get)
 	routeGroup.DELETE(AnalysisRoot, h.Delete)
 	routeGroup.GET(AnalysesDepsRoot, h.Deps)
 	routeGroup.GET(AnalysesIssuesRoot, h.Issues)
 	routeGroup.GET(AnalysesIssueRoot, h.Issue)
 	routeGroup.GET(AnalysisIncidentsRoot, h.Incidents)
-	//
 	routeGroup.GET(AnalysisReportRuleRoot, h.RuleReports)
 	routeGroup.GET(AnalysisReportAppsIssuesRoot, h.AppIssueReports)
 	routeGroup.GET(AnalysisReportIssuesAppsRoot, h.IssueAppReports)
 	routeGroup.GET(AnalysisReportFileRoot, h.FileReports)
 	routeGroup.GET(AnalysisReportDepsRoot, h.DepReports)
 	routeGroup.GET(AnalysisReportDepsAppsRoot, h.DepAppReports)
-	//
+	// Application
+	routeGroup = e.Group("/")
+	routeGroup.Use(Required("applications.analyses"))
 	routeGroup.POST(AppAnalysesRoot, h.AppCreate)
 	routeGroup.GET(AppAnalysesRoot, h.AppList)
 	routeGroup.GET(AppAnalysisRoot, h.AppLatest)
diff --git a/auth/role.go b/auth/role.go
index 01f805fe..fd8ac1b3 100644
--- a/auth/role.go
+++ b/auth/role.go
@@ -18,6 +18,7 @@ var AddonRole = []string{
 	"applications.tags:*",
 	"applications.facts:*",
 	"applications.bucket:*",
+	"applications.analyses:*",
 	"identities:get",
 	"identities:decrypt",
 	"proxies:get",
diff --git a/auth/roles.yaml b/auth/roles.yaml
index 7b9bfd7e..6fd0f95d 100644
--- a/auth/roles.yaml
+++ b/auth/roles.yaml
@@ -33,6 +33,12 @@
         - get
         - post
         - put
+    - name: applications.analyses
+      verbs:
+        - delete
+        - get
+        - post
+        - put
     - name: applications.stakeholders
       verbs:
         - put
@@ -173,6 +179,12 @@
         - get
         - post
         - put
+    - name: analyses
+      verbs:
+        - delete
+        - get
+        - post
+        - put
 - role: tackle-architect
   resources:
     - name: addons
@@ -208,6 +220,12 @@
         - get
         - post
         - put
+    - name: applications.analyses
+      verbs:
+        - delete
+        - get
+        - post
+        - put
     - name: applications.stakeholders
       verbs:
         - put
@@ -335,6 +353,12 @@
         - get
         - post
         - put
+    - name: analyses
+      verbs:
+        - delete
+        - get
+        - post
+        - put
 - role: tackle-migrator
   resources:
     - name: addons
@@ -355,6 +379,9 @@
     - name: applications.bucket
       verbs:
         - get
+    - name: applications.analyses
+      verbs:
+        - get
     - name: assessments
       verbs:
         - get
@@ -436,6 +463,9 @@
     - name: targets
       verb:
         - get
+    - name: analyses
+      verbs:
+        - get
 - role: tackle-project-manager
   resources:
     - name: addons
@@ -456,6 +486,9 @@
     - name: applications.bucket
       verbs:
         - get
+    - name: applications.analyses
+      verbs:
+        - get
     - name: applications.stakeholders
       verbs:
         - put
@@ -530,4 +563,7 @@
         - put
     - name: targets
       verbs:
-        - get
\ No newline at end of file
+        - get
+    - name: analyses
+      verbs:
+        - get