diff --git a/backend/src/controllers/UserController.ts b/backend/src/controllers/UserController.ts index d56a308..988ff95 100644 --- a/backend/src/controllers/UserController.ts +++ b/backend/src/controllers/UserController.ts @@ -23,8 +23,18 @@ export const index = async (req: Request, res: Response): Promise => { pageNumber }); + if(req.user.profile!=='master'){ + + let auxUsers: Array = []; - + for (var user of users) { + if(user.profile!=='master'){ + auxUsers.push(user) + } + } + + return res.json({ users: auxUsers, count, hasMore }); + } return res.json({ users, count, hasMore }); }; @@ -67,7 +77,7 @@ export const update = async ( req: Request, res: Response ): Promise => { - if (req.user.profile !== "admin") { + if (req.user.profile !== "admin" && req.user.profile !== "master") { throw new AppError("ERR_NO_PERMISSION", 403); } diff --git a/backend/src/controllers/WhatsAppController.ts b/backend/src/controllers/WhatsAppController.ts index dcaf0ad..66ca018 100644 --- a/backend/src/controllers/WhatsAppController.ts +++ b/backend/src/controllers/WhatsAppController.ts @@ -9,6 +9,8 @@ import ListWhatsAppsService from "../services/WhatsappService/ListWhatsAppsServi import ShowWhatsAppService from "../services/WhatsappService/ShowWhatsAppService"; import UpdateWhatsAppService from "../services/WhatsappService/UpdateWhatsAppService"; +import AppError from "../errors/AppError"; + interface WhatsappData { name: string; queueIds: number[]; @@ -34,6 +36,10 @@ export const store = async (req: Request, res: Response): Promise => { queueIds }: WhatsappData = req.body; + if (req.user.profile !== "master") { + throw new AppError("ERR_NO_PERMISSION", 403); + } + const { whatsapp, oldDefaultWhatsapp } = await CreateWhatsAppService({ name, status, 
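Review bot: Filtering `master` accounts out of `users` in `index` after the page has been fetched leaves `count` and `hasMore` describing the unfiltered result, so a non-master caller can still infer that hidden accounts exist and may receive short pages. The exclusion belongs in the query that produces `users` and `count` (the list call above this hunk, only partly visible here) rather than in the controller. If the loop stays, `const visible = users.filter(u => u.profile !== "master");` says the same thing without the `var` loop variable. Hiding rows from the list is not access control by itself: whether the by-id handlers refuse a `master` target for non-master callers is not visible in this diff and should be confirmed.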
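Review bot: The widened check in `update` tests only the caller's role, so nothing in the visible lines stops an `admin` from editing a `master` account or from submitting `profile: "master"` for any user. Unless the update service already enforces this (not shown; the function body continues outside the hunk), add a guard for non-master callers, for example `if (req.user.profile !== "master" && req.body.profile === "master") throw new AppError("ERR_NO_PERMISSION", 403);`, and likewise reject the request when the user being updated is already `master`. The role names are repeated as string literals across both controllers; a shared constant would keep these checks from drifting apart.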
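Review bot: The `master` check in `store` is an inline copy of the one added to `remove` in the next hunk, and in `store` it runs only after `req.body` has been destructured. Making it the first statement of each handler, or moving it into one route-level middleware that both routes use, keeps the two gates in step and makes them harder to lose in later edits. This diff does not touch the controller's update handler (`UpdateWhatsAppService` is imported above), so whether non-master users can still modify an existing connection cannot be determined from here and is worth checking. A short comment such as `// Only the master profile may create or delete connections.` above the check would record the intent.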
@@ -101,7 +107,12 @@ export const remove = async ( req: Request, res: Response ): Promise => { - const { whatsappId } = req.params; + + if (req.user.profile !== "master") { + throw new AppError("ERR_NO_PERMISSION", 403); + } + + const { whatsappId } = req.params; await DeleteWhatsAppService(whatsappId); removeWbot(+whatsappId); diff --git a/frontend/src/rules.js b/frontend/src/rules.js index c766513..6e11329 100644 --- a/frontend/src/rules.js +++ b/frontend/src/rules.js @@ -15,8 +15,7 @@ const rules = { "connections-view:show", "dashboard-view:show", "queues-view:show", - "user-view:show", - + "user-view:show", ], },