diff --git a/database/scores/games.js b/database/scores/games.js
index 3506356..8792b2e 100644
--- a/database/scores/games.js
+++ b/database/scores/games.js
@@ -5,7 +5,7 @@ const database = require('./../database');
 class Game {
- constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID) {
+ constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID, submitterID) {
 this.id = id;
 this.date = date;
 this.team1ID = team1ID;
@@ -14,6 +14,7 @@ class Game {
 this.team2Score = team2Score;
 this.divisionID = divisionID;
 this.seasonID = seasonID;
+ this.submitterID = submitterID;
 }
 }
@@ -100,11 +101,11 @@ async function edit(gameID, divisionID, seasonID, date, team1ID, team2ID, team1S
 }
 async function getFromID(gameID) {
- const query = `SELECT game_id, division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score
+ const query = `SELECT game_id, division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score, submitter_id FROM scores.games WHERE game_id = $1;`;
 const row = (await database.executeQuery(query, [gameID]))[0];
- return new Game(row[0], row[3].toISOString().slice(0,10), row[4], row[5], row[6], row[7], row[1], row[2]);
+ return new Game(row[0], row[3].toISOString().slice(0,10), row[4], row[5], row[6], row[7], row[1], row[2], row[8]);
 }
diff --git a/routes/manage.js b/routes/manage.js
index b01b477..0a9c16e 100644
--- a/routes/manage.js
+++ b/routes/manage.js
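Review bot: `getFromID` still dereferences `row[3]` without checking that a row came back, and now that `submitter_id` is part of the result this function is what the ownership check in routes/manage.js relies on, so an unknown or empty `gameID` surfaces as a TypeError on `undefined` rather than a clean "not found". A one-line guard before the constructor call, `if (!row) return null;`, lets callers distinguish a missing game (404) from a database failure (500). The new `row[8]` index does line up with the column order of the extended SELECT. The hunk ends at the function's closing brace; the rest of the module is outside the view.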
@@ -55,12 +55,21 @@ router.post('/game', userLoggedIn, function(req, res, next) {
 const id = req.body['game'];
 const remove = req.body['remove'];
- if(remove) games.remove(id)
- .then(res.redirect("/manage"));
- else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)
- .then(res.redirect('/manage'));
- else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
- .then(res.redirect("/manage"));
+ const loggedInUserID = req.user[0];
+ const loggedInUserIsAdmin = req.user[2];
+
+ games.getFromID(id)
+ .then(game => {
+ if(!loggedInUserIsAdmin && loggedInUserID != game.submitterID) {
+ res.status(403).send("ACCESS DENIED");
+ }
+ else if(remove) games.remove(id)
+ .then(res.redirect("/manage"));
+ else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)
+ .then(res.redirect('/manage'));
+ else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
+ .then(res.redirect("/manage"));
+ });
 });
 router.get('/season', adminLoggedIn, function(req, res, next) {
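Review bot: The add path is broken by the new wrapper: when `id` is empty (a new game), `games.getFromID(id)` is still called first, its lookup presumably matches no row and `getFromID` then throws on the undefined row, so the `else games.add(...)` branch is never reached and, with no `.catch` on the chain, the request is left unanswered. The ownership check only applies to edit and remove, so handle `!id` before the lookup, and end the chain with `.catch(next)` so database errors and unknown ids reach the Express error handler instead of hanging the response. The carried-over `.then(res.redirect("/manage"))` invokes `redirect` eagerly and passes its return value to `then`, so the redirect fires before `remove`/`edit` complete; `.then(() => res.redirect("/manage"))` is what is intended. `loggedInUserID != game.submitterID` is a loose comparison; if the session id and the database column differ in type (string vs number), normalise both sides explicitly rather than relying on coercion. The handler's opening lines (`divisionID`, `seasonID`, `userID`, etc.) are above the hunk.

```javascript
const loggedInUserID = req.user[0];
const loggedInUserIsAdmin = req.user[2];

// A new game has no submitter to check against yet; skip the ownership lookup.
if(!id) {
    return games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
        .then(() => res.redirect("/manage"))
        .catch(next);
}

games.getFromID(id)
    .then(game => {
        // Owner or admin only; String() guards against a string-vs-number mismatch between session and DB.
        if(!loggedInUserIsAdmin && String(loggedInUserID) !== String(game.submitterID)) {
            return res.status(403).send("ACCESS DENIED");
        }
        const action = remove
            ? games.remove(id)
            : games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score);
        return action.then(() => res.redirect("/manage"));
    })
    .catch(next);
```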