diff --git a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java
index 952351b6a..12ff43b0a 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/authorization/Permission.java
@@ -70,7 +70,7 @@ public final class Permission {
 public static String BrowseDmp = "BrowseDmp";
 public static String EditDmp = "EditDmp";
 public static String NewDmp = "NewDmp";
-
+ public static String DepositDmp = "DepositDmp";
 public static String DeleteDmp = "DeleteDmp";
 public static String CloneDmp = "CloneDmp";
 public static String CreateNewVersionDmp = "CreateNewVersionDmp";
diff --git a/dmp-backend/core/src/main/java/eu/eudat/service/deposit/DepositServiceImpl.java b/dmp-backend/core/src/main/java/eu/eudat/service/deposit/DepositServiceImpl.java
index a609af160..cf844c57b 100644
--- a/dmp-backend/core/src/main/java/eu/eudat/service/deposit/DepositServiceImpl.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/service/deposit/DepositServiceImpl.java
@@ -2,6 +2,7 @@ package eu.eudat.service.deposit;
 import eu.eudat.authorization.AuthorizationFlags;
 import eu.eudat.authorization.Permission;
+import eu.eudat.authorization.authorizationcontentresolver.AuthorizationContentResolver;
 import eu.eudat.commonmodels.models.FileEnvelopeModel;
 import eu.eudat.commonmodels.models.dmp.DmpModel;
 import eu.eudat.commons.enums.StorageType;
@@ -69,6 +70,7 @@ public class DepositServiceImpl implements DepositService {
 private final ValidatorFactory validatorFactory;
 private final StorageFileProperties storageFileProperties;
 private final ConventionService conventionService;
+ private final AuthorizationContentResolver authorizationContentResolver;
 @Autowired
 public DepositServiceImpl(DepositProperties depositProperties, TokenExchangeCacheService tokenExchangeCacheService,
@@ -77,7 +79,7 @@ public class DepositServiceImpl implements DepositService {
 EntityDoiService doiService,
 QueryFactory queryFactory,
 MessageSource messageSource,
- BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService) {
+ BuilderFactory builderFactory, DepositConfigurationCacheService depositConfigurationCacheService, FileTransformerService fileTransformerService, StorageFileService storageFileService, UserScope userScope, ValidatorFactory validatorFactory, StorageFileProperties storageFileProperties, ConventionService conventionService, AuthorizationContentResolver authorizationContentResolver) {
 this.depositProperties = depositProperties;
 this.tokenExchangeCacheService = tokenExchangeCacheService;
 this.authorizationService = authorizationService;
@@ -93,6 +95,7 @@ public class DepositServiceImpl implements DepositService {
 this.validatorFactory = validatorFactory;
 this.storageFileProperties = storageFileProperties;
 this.conventionService = conventionService;
+ this.authorizationContentResolver = authorizationContentResolver;
 this.clients = new HashMap<>();
 }
@@ -139,9 +142,7 @@ public class DepositServiceImpl implements DepositService {
 @Override
 public EntityDoi deposit(DepositRequest dmpDepositModel) throws Exception {
- this.authorizationService.authorizeForce(Permission.EditDeposit);
-
- this.authorizationService.authorize(Permission.EditDmp);
+ this.authorizationService.authorizeAtLeastOneForce(List.of(this.authorizationContentResolver.dmpAffiliation(dmpDepositModel.getDmpId())), Permission.DepositDmp);
 //GK: First get the right client
 DepositClient depositClient = getDepositClient(dmpDepositModel.getRepositoryId());
 if (depositClient == null) throw new MyNotFoundException(messageSource.getMessage("General_ItemNotFound", new Object[]{dmpDepositModel.getRepositoryId(), DepositClient.class.getSimpleName()}, LocaleContextHolder.getLocale()));
diff --git a/dmp-backend/web/src/main/resources/config/permissions.yml b/dmp-backend/web/src/main/resources/config/permissions.yml
index 2d15c8612..d1ae62801 100644
--- a/dmp-backend/web/src/main/resources/config/permissions.yml
+++ b/dmp-backend/web/src/main/resources/config/permissions.yml
@@ -387,6 +387,19 @@ permissions:
 clients: [ ]
 allowAnonymous: false
 allowAuthenticated: false
+ DepositDmp:
+ roles:
+ - Admin
+ dmp:
+ roles:
+ - Owner
+ - User
+ - DescriptionContributor
+ - Reviewer
+ claims: [ ]
+ clients: [ ]
+ allowAnonymous: false
+ allowAuthenticated: false
 CloneDmp:
 roles:
 - Admin
diff --git a/dmp-frontend/src/app/core/common/enum/permission.enum.ts b/dmp-frontend/src/app/core/common/enum/permission.enum.ts
index 6051f9205..a2c6c01f0 100644
--- a/dmp-frontend/src/app/core/common/enum/permission.enum.ts
+++ b/dmp-frontend/src/app/core/common/enum/permission.enum.ts
@@ -20,7 +20,8 @@ export enum AppPermission {
 BrowseDmp = "BrowseDmp",
 EditDmp = "EditDmp",
 NewDmp = "NewDmp",
- DeleteDmp= "DeleteDmp",
+ DeleteDmp = "DeleteDmp",
+ DepositDmp = "DepositDmp",
 CloneDmp = "CloneDmp",
 CreateNewVersionDmp = "CreateNewVersionDmp",
 ExportDmp = "ExportDmp",
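Review bot: In `deposit(...)`, the one `authorizeAtLeastOneForce(..., Permission.DepositDmp)` call now stands in for both the forced `Permission.EditDeposit` check and the `Permission.EditDmp` check, so who may deposit is decided only by `DepositDmp` and the caller's affiliation with `dmpDepositModel.getDmpId()`. That id comes straight from the request, so the rest of the method (outside this hunk) should load and deposit exactly the same id, and a null `getDmpId()` should be rejected before it reaches `dmpAffiliation(...)` — presumably request validation covers this; confirm. If `EditDeposit` was meant as the platform-wide switch for using deposit at all, its removal from this path deserves an explicit decision. A comment above the new call would record the intent, for example `// Object-level check: DepositDmp held globally or through the caller's role on this DMP`. The breadth of roles that satisfy this check is raised on the `permissions.yml` hunk.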
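Review bot: The new `DepositDmp` entry lets every DMP-level role listed under `dmp: roles:` deposit — `Owner`, `User`, `DescriptionContributor` and `Reviewer`. The `isDmpOwner()` helpers removed in this same commit (`dmp.service.ts`, `dmp-overview.component.ts`) suggest the action was previously offered to owners only. `deposit(...)` pushes the plan to an external repository and returns an `EntityDoi`, which is hard to retract, so granting it to review-only and contributor roles looks wider than least privilege calls for. Unless the widening is intended, reduce the list to `- Owner` by dropping `- Reviewer` and `- DescriptionContributor`, and `- User` if it is not needed.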
diff --git a/dmp-frontend/src/app/core/services/dmp/dmp.service.ts b/dmp-frontend/src/app/core/services/dmp/dmp.service.ts
index 772eff79a..736061c39 100644
--- a/dmp-frontend/src/app/core/services/dmp/dmp.service.ts
+++ b/dmp-frontend/src/app/core/services/dmp/dmp.service.ts
@@ -248,8 +248,4 @@ export class DmpService {
 }
 return dmpUserRoles;
 }
-
- isDmpOwner(dmpUsers: DmpUser[]): Boolean {
- return this.getCurrentUserRolesInDmp(dmpUsers).includes(DmpUserRole.Owner);
- }
 }
diff --git a/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.html b/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.html
index b858194f5..f1a42138e 100644
--- a/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.html
+++ b/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.html
@@ -144,8 +144,8 @@
- -
+ +
diff --git a/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.ts b/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.ts
index feaf3f4f4..235390a54 100644
--- a/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.ts
+++ b/dmp-frontend/src/app/ui/dmp/overview/dmp-overview.component.ts
@@ -121,7 +121,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
 if (this.dmp.descriptions) {
 if (this.dmp.status == DmpStatus.Finalized) {
 this.dmp.descriptions = data.descriptions.filter(x => x.isActive === IsActive.Active && x.status === DescriptionStatus.Finalized);
- } else {
+ } else {
 this.dmp.descriptions = data.descriptions.filter(x => x.isActive === IsActive.Active && x.status !== DescriptionStatus.Canceled);
 }
 }
@@ -202,11 +202,6 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
 } else return false;
 }
- isDmpOwner(): boolean {
- const principalId: Guid = this.authentication.userId();
- if (principalId) return !!this.dmp.dmpUsers?.find(x => (x.role === DmpUserRole.Owner) && (principalId === x.user?.id));
- }
-
 canEditDmp(): boolean{
 return (this.isDraftDmp()) && (this.dmp.authorizationFlags?.some(x => x === AppPermission.EditDmp) || this.authentication.hasPermission(AppPermission.EditDmp)) && this.isPublicView == false;
 }
@@ -239,6 +234,11 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
 return this.dmp.authorizationFlags?.some(x => x === AppPermission.AssignDmpUsers) || this.authentication.hasPermission(AppPermission.AssignDmpUsers) && this.isPublicView == false;
 }
+ canDepositDmp(): boolean {
+ return this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp) && this.isPublicView == false;
+ }
+
+
 editClicked() {
 this.router.navigate(['/plans/edit/', this.dmp.id]);
 }
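Review bot: In the new `canDepositDmp()`, `&&` binds tighter than `||`, so `this.isPublicView == false` guards only the `hasPermission(...)` branch. A user whose DMP carries the `DepositDmp` authorization flag is therefore still offered deposit in the public view. `canEditDmp()` in the same file parenthesizes the two permission sources before applying the public-view condition, and the new method should match it: `return (this.dmp.authorizationFlags?.some(x => x === AppPermission.DepositDmp) || this.authentication.hasPermission(AppPermission.DepositDmp)) && this.isPublicView == false;`. This only controls what the UI shows; the server-side check in `DepositServiceImpl.deposit` remains the actual enforcement point.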
@@ -741,6 +741,7 @@ export class DmpOverviewComponent extends BaseComponent implements OnInit {
 [nameof(x => x.authorizationFlags), AppPermission.InviteDmpUsers].join('.'),
 [nameof(x => x.authorizationFlags), AppPermission.AssignDmpUsers].join('.'),
 [nameof(x => x.authorizationFlags), AppPermission.EditDmp].join('.'),
+ [nameof(x => x.authorizationFlags), AppPermission.DepositDmp].join('.'),
 [nameof(x => x.entityDois), nameof(x => x.id)].join('.'),
 [nameof(x => x.entityDois), nameof(x => x.repositoryId)].join('.'),
 [nameof(x => x.entityDois), nameof(x => x.doi)].join('.'),