diff --git a/circle/dashboard/views/node.py b/circle/dashboard/views/node.py
index 2f44962..5abc13e 100644
--- a/circle/dashboard/views/node.py
+++ b/circle/dashboard/views/node.py
@@ -75,7 +75,7 @@ node_ops = OrderedDict([
 ])
 
 
-class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin,
+class NodeDetailView(LoginRequiredMixin,
                      GraphMixin, DetailView):
     template_name = "dashboard/node-detail.html"
     model = Node
@@ -83,6 +83,8 @@ class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin,
     form_class = TraitForm
 
     def get_context_data(self, form=None, **kwargs):
+        if not self.request.user.has_perm('vm.view_statistics'):
+            raise PermissionDenied()
         if form is None:
             form = self.form_class()
         context = super(NodeDetailView, self).get_context_data(**kwargs)
@@ -98,6 +100,8 @@ class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin,
         return context
 
     def post(self, request, *args, **kwargs):
+        if not request.user.is_superuser:
+            raise PermissionDenied()
         if request.POST.get('new_name'):
             return self.__set_name(request)
         if request.POST.get('to_remove'):
@@ -145,13 +149,14 @@ class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin,
             return redirect(self.object.get_absolute_url())
 
 
-class NodeList(LoginRequiredMixin, SuperuserRequiredMixin,
-               GraphMixin, SingleTableView):
+class NodeList(LoginRequiredMixin, GraphMixin, SingleTableView):
     template_name = "dashboard/node-list.html"
     table_class = NodeListTable
     table_pagination = False
 
     def get(self, *args, **kwargs):
+        if not self.request.user.has_perm('vm.view_statistics'):
+            raise PermissionDenied()
         if self.request.is_ajax():
             nodes = Node.objects.all()
             nodes = [{