diff --git a/oshipka/persistance/__init__.py b/oshipka/persistance/__init__.py
index ce5a999..388c7d7 100644
--- a/oshipka/persistance/__init__.py
+++ b/oshipka/persistance/__init__.py
@@ -369,7 +369,7 @@ def generate_permissions():
                         f.write("{},,permission.change_owner,models.{},,0\n".format(subject, model))
                 for permission in DEFAULT_MODEL_PERMISSIONS:
                     # TODO: TEST AND FIX THIS - VERY NAIVE RIGHT NOW!!!
-                    this_perm = int(not model_acls.get(permission)['authn'])
+                    this_perm = int(model_acls.get(permission)['authn'])
                     f.write("{},,model.{},models.{},,{}\n".format(subject, permission, model, this_perm))
                 for column in model_view.definitions.get('columns'):
                     column_name = column.get('name')
diff --git a/oshipka/webapp/default_routes.py b/oshipka/webapp/default_routes.py
index 694ad77..62f5d1c 100644
--- a/oshipka/webapp/default_routes.py
+++ b/oshipka/webapp/default_routes.py
@@ -24,7 +24,7 @@ def get_media(model_name, instance_id, column, filepath):
     if not instance:
         abort(404)
     verb = "{}.read".format(column)
-    if not has_permission(model_name, verb, instance):
+    if not has_permission(model_name, verb, action_prefix='column', object_prefix="columns"): # TODO: , instance):
         abort(401)
     return send_from_directory(MEDIA_DIR, filepath)
 
diff --git a/oshipka/webapp/views.py b/oshipka/webapp/views.py
index b16e3de..28b6693 100644
--- a/oshipka/webapp/views.py
+++ b/oshipka/webapp/views.py
@@ -24,7 +24,8 @@ MODEL_VIEWS = dict()
 
 
 def has_permission(obj, action, instance=None, object_prefix="models", action_prefix="model"):
-    if object_prefix in ['models']:
+    model_view = None
+    if object_prefix in ['models', 'columns']:
         model_view = MODEL_VIEWS.get(obj, {})
     if not model_view:
         return False
diff --git a/vm_gen/templates/html/_get.html b/vm_gen/templates/html/_get.html
index abf41dd..f054c6e 100644
--- a/vm_gen/templates/html/_get.html
+++ b/vm_gen/templates/html/_get.html
@@ -1,5 +1,5 @@
 [%- for column in columns %]
-{% if has_permission("[[ name|camel_to_snake ]]", "[[ column.name ]].read", instance) %}
+{% if has_permission("[[ name|camel_to_snake ]]", "[[ column.name ]].read", instance, object_prefix="columns", action_prefix="column") %}
 {% if "[[ column.name ]]" not in skip_list %}
     <li id="display-[[ name|camel_to_snake ]]-[[ column.name ]]"><strong>[%- if column.type in ['relationship'] and column.multiple %]{{ _("[[ column.name|pluralize ]]") }}[%- else %]{{ _("[[ column.name ]]") }}[%- endif %]</strong>:
   [%- if not column.type in ['bool', 'boolean', ] %]