diff --git a/pkg/service/security.go b/pkg/service/security.go
index 2896aca..e3bc4d2 100644
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -17,6 +17,9 @@ var (
 // Submissions roles bitflag
 type Roles int32
 var (
+	// Only users with this role are allowed to submit models they don't own
+	RolesSubmissionCreateNotModelOwner Roles = 1<<8
+	RolesMapfixCreateNotModelOwner Roles = 1<<7
 	RolesSubmissionUpload Roles = 1<<6
 	RolesSubmissionReview Roles = 1<<5
 	RolesSubmissionRelease Roles = 1<<4
@@ -37,10 +40,10 @@ var (
 	RolesAll Roles = ^RolesEmpty
 	// has SubmissionUpload
 	RoleMapAdmin GroupRole = 128
-	RolesMapAdmin Roles = RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesMapCouncil
+	RolesMapAdmin Roles = RolesSubmissionRelease|RolesSubmissionUpload|RolesSubmissionReview|RolesSubmissionCreateNotModelOwner|RolesMapCouncil
 	// has MapfixReview
 	RoleMapCouncil GroupRole = 64
-	RolesMapCouncil Roles = RolesMapfixReview|RolesMapfixUpload|RolesMapAccess
+	RolesMapCouncil Roles = RolesMapfixReview|RolesMapfixUpload|RolesMapfixCreateNotModelOwner|RolesMapAccess
 	// access to downloading maps
 	RoleMapAccess GroupRole = 32
 	RolesMapAccess Roles = RolesMapDownload
@@ -130,6 +133,12 @@ func (usr UserInfoHandle) GetRoles() (Roles, error) {
 }
 
 // RoleThumbnail
+func (usr UserInfoHandle) HasRoleMapfixCreateNotModelOwner() (bool, error) {
+	return usr.hasRoles(RolesMapfixCreateNotModelOwner)
+}
+func (usr UserInfoHandle) HasRoleSubmissionCreateNotModelOwner() (bool, error) {
+	return usr.hasRoles(RolesSubmissionCreateNotModelOwner)
+}
 func (usr UserInfoHandle) HasRoleMapfixUpload() (bool, error) {
 	return usr.hasRoles(RolesMapfixUpload)
 }