diff --git a/CHANGES b/CHANGES
index f2e21ef34..cd69cd348 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2703,4 +2703,5 @@
 * dashboard: remove nginx config of old domain when domain changed
 * Show disk consumption of docker volumes for /run and /tmp of apps separately
 * dns: add dnsimple automation
+* roles: admin role can access branding and networking
 
diff --git a/dashboard/src/views/branding.js b/dashboard/src/views/branding.js
index 2e81d755e..eb7e51c93 100644
--- a/dashboard/src/views/branding.js
+++ b/dashboard/src/views/branding.js
@@ -4,7 +4,7 @@
 /* global $:false */
 
 angular.module('Application').controller('BrandingController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
-    Client.onReady(function () { if (Client.getUserInfo().role !== 'owner') $location.path('/'); });
+    Client.onReady(function () { if (!Client.getUserInfo().isAtLeastAdmin) $location.path('/'); });
 
     $scope.user = Client.getUserInfo();
     $scope.config = Client.getConfig();
diff --git a/dashboard/src/views/emails-eventlog.js b/dashboard/src/views/emails-eventlog.js
index 5057b8293..b6d481e16 100644
--- a/dashboard/src/views/emails-eventlog.js
+++ b/dashboard/src/views/emails-eventlog.js
@@ -4,7 +4,7 @@
 /* global angular */
 
 angular.module('Application').controller('EmailsEventlogController', ['$scope', '$location', '$translate', '$timeout', 'Client', function ($scope, $location, $translate, $timeout, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().isAtLeastOwner) $location.path('/'); });
+    Client.onReady(function () { if (!Client.getUserInfo().isAtLeastAdmin) $location.path('/'); });
 
     $scope.ready = false;
     $scope.config = Client.getConfig();
diff --git a/dashboard/src/views/emails-queue.js b/dashboard/src/views/emails-queue.js
index 6c5624e7b..f0bdaf682 100644
--- a/dashboard/src/views/emails-queue.js
+++ b/dashboard/src/views/emails-queue.js
@@ -4,7 +4,7 @@
 /* global angular */
 
 angular.module('Application').controller('EmailsQueueController', ['$scope', '$location', '$translate', '$timeout', 'Client', function ($scope, $location, $translate, $timeout, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().isAtLeastOwner) $location.path('/'); });
+    Client.onReady(function () { if (!Client.getUserInfo().isAtLeastAdmin) $location.path('/'); });
 
     $scope.ready = false;
     $scope.config = Client.getConfig();
diff --git a/dashboard/src/views/network.html b/dashboard/src/views/network.html
index 9ec701119..ed8ae0285 100644
--- a/dashboard/src/views/network.html
+++ b/dashboard/src/views/network.html
@@ -251,11 +251,11 @@
     </div>
 
   <!-- Firewall -->
-  <div class="text-left section-header" ng-show="user.isAtLeastOwner">
+  <div class="text-left section-header">
     <h3>{{ 'network.firewall.title' | tr }}</h3>
   </div>
 
-  <div class="card" ng-show="user.isAtLeastOwner">
+  <div class="card">
     <div class="row">
       <div class="col-xs-6">
         <span class="text-muted">{{ 'network.firewall.blockedIpRanges' | tr }}</span>
diff --git a/src/server.js b/src/server.js
index 7248029de..d617154d3 100644
--- a/src/server.js
+++ b/src/server.js
@@ -293,12 +293,12 @@ async function initializeExpressSync() {
     router.get ('/api/v1/applinks/:id/icon',  token, authorizeUser,  routes.applinks.getIcon);
 
     // branding routes
-    router.get ('/api/v1/branding/cloudron_name',         token, authorizeOwner, routes.branding.getCloudronName);
-    router.post('/api/v1/branding/cloudron_name',   json, token, authorizeOwner, routes.branding.setCloudronName);
-    router.get ('/api/v1/branding/cloudron_avatar',       token, authorizeOwner, routes.branding.getCloudronAvatar);
-    router.post('/api/v1/branding/cloudron_avatar', json, token, authorizeOwner, multipart, routes.branding.setCloudronAvatar);
-    router.get ('/api/v1/branding/footer',                token, authorizeOwner, routes.branding.getFooter);
-    router.post('/api/v1/branding/footer',          json, token, authorizeOwner, routes.branding.setFooter);
+    router.get ('/api/v1/branding/cloudron_name',         token, authorizeAdmin, routes.branding.getCloudronName);
+    router.post('/api/v1/branding/cloudron_name',   json, token, authorizeAdmin, routes.branding.setCloudronName);
+    router.get ('/api/v1/branding/cloudron_avatar',       token, authorizeAdmin, routes.branding.getCloudronAvatar);
+    router.post('/api/v1/branding/cloudron_avatar', json, token, authorizeAdmin, multipart, routes.branding.setCloudronAvatar);
+    router.get ('/api/v1/branding/footer',                token, authorizeAdmin, routes.branding.getFooter);
+    router.post('/api/v1/branding/footer',          json, token, authorizeAdmin, routes.branding.setFooter);
 
     // reverseproxy routes
     router.post('/api/v1/reverseproxy/renew_certs', json, token, authorizeAdmin, routes.reverseProxy.renewCerts);
@@ -306,8 +306,8 @@ async function initializeExpressSync() {
     router.post('/api/v1/reverseproxy/trusted_ips', json, token, authorizeAdmin, routes.reverseProxy.setTrustedIps);
 
     // network routes
-    router.get ('/api/v1/network/blocklist',         token, authorizeOwner, routes.network.getBlocklist);
-    router.post('/api/v1/network/blocklist',   json, token, authorizeOwner, routes.network.setBlocklist);
+    router.get ('/api/v1/network/blocklist',         token, authorizeAdmin, routes.network.getBlocklist);
+    router.post('/api/v1/network/blocklist',   json, token, authorizeAdmin, routes.network.setBlocklist);
     router.get ('/api/v1/network/dynamic_dns',       token, authorizeAdmin, routes.network.getDynamicDns);
     router.post('/api/v1/network/dynamic_dns', json, token, authorizeAdmin, routes.network.setDynamicDns);
     router.get ('/api/v1/network/ipv4_config',       token, authorizeAdmin, routes.network.getIPv4Config);
@@ -322,9 +322,9 @@ async function initializeExpressSync() {
     router.post('/api/v1/docker/registry_config',      json, token, authorizeAdmin, routes.docker.setRegistryConfig);
 
     // email routes
-    router.get ('/api/v1/mailserver/eventlog',                token, authorizeOwner, routes.mailserver.proxy);
-    router.post('/api/v1/mailserver/clear_eventlog',          token, authorizeOwner, routes.mailserver.proxy);
-    router.use ('/api/v1/mailserver/files/*',                 token, authorizeOwner, routes.filemanager.proxy('mail'));
+    router.get ('/api/v1/mailserver/eventlog',                token, authorizeAdmin, routes.mailserver.proxy);
+    router.post('/api/v1/mailserver/clear_eventlog',          token, authorizeAdmin, routes.mailserver.proxy);
+    router.use ('/api/v1/mailserver/files/*',                 token, authorizeAdmin, routes.filemanager.proxy('mail'));
     router.get ('/api/v1/mailserver/location',                token, authorizeAdmin, routes.mailserver.getLocation);
     router.post('/api/v1/mailserver/location',          json, token, authorizeAdmin, routes.mailserver.setLocation);
     router.get ('/api/v1/mailserver/max_email_size',          token, authorizeAdmin, routes.mailserver.proxy);