diff --git a/scripts/functions.sh b/scripts/functions.sh
index 280937a..50247f6 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -31,22 +31,17 @@ CONFIGURE_DUNITER () {
 }
 
 CONFIG_SSOWAT () {
-	# Protect senstive sub-routes to Duniter web admin interface, give access to choosen admin
-	if ! ynh_permission_exists --permission "admin"; then
-		ynh_permission_create --permission "admin" --url "/webui","/webmin" --allowed "$admin"
-	fi
+	# Add admin to the allowed users
+	yunohost app addaccess $app -u $admin
 
-	# Add access to BMA
-	ynh_permission_update --permission main --add visitors
+	# Protect senstive sub-routes
+	ynh_app_setting_set "$app" protected_uris "/webui","/webmin"
+
+	# Duniter is public app, with only some parts restricted in nginx.conf
+	ynh_app_setting_set "$app" unprotected_uris "/","/modules"
 
 	# Set URL redirection from root to webadmin
 	ynh_app_setting_set "$app" redirected_urls "{'$domain/':'$domain/webui'}"
-
-	# Remove deprecated permission system settings
-	if [ ! -z "$(ynh_app_setting_get --app=$app --key=protected_uris)" ]; then
-		ynh_app_setting_delete --app=$app --key=protected_uris
-		ynh_app_setting_delete --app=$app --key=unprotected_uris
-	fi
 }
 
 CONFIG_NGINX () {