diff --git a/hooks/post_app_addaccess b/hooks/post_app_addaccess
index ab21465..47fed69 100644
--- a/hooks/post_app_addaccess
+++ b/hooks/post_app_addaccess
@@ -9,7 +9,13 @@ permission=$3
 added_groups=$4
 
 if [ "$app" == __APP__ ]; then
-    if [ "$added_groups" = "visitors" ]; then
-        ynh_app_setting_delete --app=$app --key=protected_regex
+    if [ "$permission" = "upload images" ]; then
+        if [ "$added_groups" = "visitors" ]; then
+            ynh_app_setting_delete --app=$app --key=protected_regex
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
     fi
 fi
\ No newline at end of file
diff --git a/hooks/post_app_removeaccess b/hooks/post_app_removeaccess
index dbeb996..d78cd20 100644
--- a/hooks/post_app_removeaccess
+++ b/hooks/post_app_removeaccess
@@ -9,10 +9,16 @@ permission=$3
 removed_groups=$4
 
 if [ "$app" == __APP__ ]; then
-    if [ "$removed_groups" = "visitors" ]; then
-        domain=$(ynh_app_setting_get --app=$app --key=domain)
-        path_url=$(ynh_app_setting_get --app=$app --key=path)
-        domain_regex=$(echo "$domain" | sed 's@-@.@g')
-        ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+    if [ "$permission" = "upload images" ]; then
+        if [ "$removed_groups" = "visitors" ]; then
+            domain=$(ynh_app_setting_get --app=$app --key=domain)
+            path_url=$(ynh_app_setting_get --app=$app --key=path)
+            domain_regex=$(echo "$domain" | sed 's@-@.@g')
+            ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+            yunohost app ssowatconf
+        else
+            ynh_print_warn --message="This app doesn't support this authorisation, you can only add or remove visitors group."
+        fi
     fi
 fi
\ No newline at end of file
diff --git a/scripts/change_url b/scripts/change_url
index 701a082..d107825 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -27,7 +27,6 @@ app=$YNH_APP_INSTANCE_NAME
 ynh_script_progression --message="Loading installation settings..." --weight=2
 
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 port=$(ynh_app_setting_get --app=$app --key=port)
 
 #=================================================
@@ -122,7 +121,7 @@ fi
 #=================================================
 ynh_script_progression --message="Reconfiguring SSOwat..."
 
-if [ $is_public -eq 0 ]
+if [ ! -z $(ynh_app_setting_get --app=$app --key=protected_regex) ] # Only user with a yunohost account can upload an image
 then
 	# If the app is private, viewing images stays publicly accessible.
 	if [ "$new_path" == "/" ]; then
diff --git a/scripts/install b/scripts/install
index 0dd291a..0883271 100644
--- a/scripts/install
+++ b/scripts/install
@@ -198,11 +198,11 @@ yunohost service add $app --log $final_path/log/production.log
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
 
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+ynh_permission_update --permission="main" --add="visitors"
 
-ynh_permission_url --permission="main"
+ynh_permission_create --permission="upload images" --allowed="visitors"
 
-if [ $fis_public -eq 0 ]
+if [ $is_public -eq 0 ]
 then
 	# If the app is private, viewing images stays publicly accessible.
 	if [ "$path_url" == "/" ]; then
@@ -212,6 +212,8 @@ then
 	# Modify the domain to be used in a regex
 	domain_regex=$(echo "$domain" | sed 's@-@.@g')
     ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats/?$","$domain_regex$path_url/manifest.webapp/?$","$domain_regex$path_url/?$","$domain_regex$path_url/[d-m]/.*$"
+
+	ynh_permission_update --permission="upload images" --remove="visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 4f78c1f..4782583 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -49,7 +49,6 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=2
 
 if [ ! -z "$skipped_uris" ]; then
 	ynh_app_setting_delete --app=$app --key=skipped_uris
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
 fi
 
 # if final_path isn't set, which can happens with old scripts, set final_path.
@@ -262,7 +261,15 @@ chown $app -R /var/log/$app
 #=================================================
 ynh_script_progression --message="Upgrading permission..."
 
-ynh_permission_url --permission="main"
+if ! ynh_permission_exists --permission="upload images"
+then
+	if [ -z $(ynh_app_setting_get --app=$app --key=protected_regex) ] # Everyone can upload image
+	then
+		ynh_permission_create --permission="upload images" --allowed="visitors"
+	else # Only user with a yunohost account can upload an image
+		ynh_permission_create --permission="upload images" --allowed="all_users"
+	fi
+fi
 
 #=================================================
 # RELOAD NGINX