diff --git a/src/internal/server/access_handler.go b/src/internal/server/access_handler.go
index 6adc0d4..9320274 100644
--- a/src/internal/server/access_handler.go
+++ b/src/internal/server/access_handler.go
@@ -1,25 +1,49 @@
 package server
 import (
+ "fmt"
+
+ dto "git.ego.freeddns.org/egommerce/api-entities/identity/dto"
 domain "git.ego.freeddns.org/egommerce/identity-service/domain/repository"
 "git.ego.freeddns.org/egommerce/identity-service/internal/service"
 "github.com/gofiber/fiber/v2"
 )
 func (s *Server) AccessHandlerFn(c *fiber.Ctx) error {
- url, srvName := c.Query("q"), c.Query("srv")
-
- urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
- userRepo := domain.NewUserRepository(s.GetDatabase())
+ roleRepo := domain.NewRoleRepository(s.GetDatabase())
+ urlRepo := domain.NewURLAccessRepository(s.GetDatabase())
 authSrv := service.NewAuthService(userRepo, s.GetCache())
- authSrv.VerifyToken("asd")
+ url, srvName := c.Query("q"), c.Query("srv")
- urlAcc, err := urlRepo.FindByURLAndService(url, srvName)
- if err != nil {
- return s.Error(c, fiber.StatusBadRequest, "unable to fetch requested url data")
+ header := new(dto.AuthorizationHeaderDTO)
+ c.ReqHeaderParser(header)
+
+ token, err := authSrv.GetTokenFromAuthorizationHeader(header.Authorization)
+ if err != nil { // FIXME probably never get here cause of jwt parsing in middlewares
+ return s.Error(c, fiber.StatusNotFound, err.Error())
 }
- return c.JSON(urlAcc.Roles)
+ uid, _ := authSrv.GetUIDByAccesssToken(token)
+ user, err := userRepo.FindByID(uid)
+ if err != nil {
+ return s.Error(c, fiber.StatusNotFound, "user not found")
+ }
+
+ role := roleRepo.GetUserRole(user)
+
+ urlAcc, err := urlRepo.FindByURLAndServiceForRole(url, srvName, role.Name)
+ if err != nil {
+ return s.Error(c, fiber.StatusNotFound, "user has not required permission")
+ }
+
+ fmt.Printf("urlAcc: %#v", urlAcc)
+
+ // roles := urlRepo.FindForUser()
+ // guardSrv := service.NewGuardService()
+
+ // guard.CheckAccess("asd")
+
+ return c.SendStatus(fiber.StatusNoContent)
 }
diff --git a/src/internal/service/jwt.go b/src/internal/service/jwt.go
index f526c85..70bc01d 100644
--- a/src/internal/service/jwt.go
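Review bot: `uid, _ := authSrv.GetUIDByAccesssToken(token)` discards its second result, so when the token cannot be resolved `uid` keeps its zero value and the handler still runs the user, role and URL lookups; an access-decision endpoint should stop there with a 401, even if middleware is expected to have parsed the JWT already. The result of `c.ReqHeaderParser(header)` is dropped the same way. The hunk also deletes the `userRepo :=` line while `userRepo` is still used in `NewAuthService(...)` and `FindByID(uid)`, which will not compile unless it is declared elsewhere in the package. Before merging I would remove `fmt.Printf("urlAcc: %#v", urlAcc)` and return a fixed message instead of `err.Error()` in the token branch. The sketch assumes the discarded value is an `error`.

```go
header := new(dto.AuthorizationHeaderDTO)
if err := c.ReqHeaderParser(header); err != nil {
	return s.Error(c, fiber.StatusBadRequest, "malformed request headers")
}

// … unchanged: GetTokenFromAuthorizationHeader call and its error branch …

uid, err := authSrv.GetUIDByAccesssToken(token)
if err != nil {
	return s.Error(c, fiber.StatusUnauthorized, "invalid access token")
}
user, err := userRepo.FindByID(uid)
// … unchanged: user-not-found branch, role lookup, FindByURLAndServiceForRole …
```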
+++ b/src/internal/service/jwt.go
@@ -21,7 +21,7 @@ var (
 var jwtSrv *JWT
 func init() {
- expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "5"))
+ expAccessTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_ACCESS_TOKEN_EXPIRE_TIME", "1"))
 accessTokenExpireTime = time.Duration(int(time.Hour) * expAccessTokenTime) // hours
 expRefreshTokenTime, _ := strconv.Atoi(cnf.GetEnv("JWT_REFRESH_TOKEN_EXPIRE_TIME", "7"))
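Review bot: The changed line still discards the error from `strconv.Atoi`, so a non-numeric `JWT_ACCESS_TOKEN_EXPIRE_TIME` silently becomes 0 and `accessTokenExpireTime` ends up as a zero duration; a negative value passes through unchecked as well. Because this setting bounds how long a leaked access token stays usable, a bad value should either fail startup or fall back to the default, e.g. `if err != nil || expAccessTokenTime < 1 { expAccessTokenTime = 1 }`. The `expRefreshTokenTime` line below has the same pattern. The body of `init` continues outside the hunk.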