diff --git a/app/controllers/admin/site_customization/cards_controller.rb b/app/controllers/admin/site_customization/cards_controller.rb
index f377283fc..9afbb409d 100644
--- a/app/controllers/admin/site_customization/cards_controller.rb
+++ b/app/controllers/admin/site_customization/cards_controller.rb
@@ -1,8 +1,8 @@
 class Admin::SiteCustomization::CardsController < Admin::SiteCustomization::BaseController
 skip_authorization_check
+ load_and_authorize_resource :page, class: "::SiteCustomization::Page"
+ load_and_authorize_resource :card, through: :page, class: "Widget::Card"
 def index
- @page = ::SiteCustomization::Page.find(params[:page_id])
- @cards = @page.cards
 end
 end
diff --git a/app/models/abilities/administrator.rb b/app/models/abilities/administrator.rb
index e93e68e96..b70c7f4d0 100644
--- a/app/models/abilities/administrator.rb
+++ b/app/models/abilities/administrator.rb
@@ -88,6 +88,7 @@ module Abilities
 can :manage, SiteCustomization::Page
 can :manage, SiteCustomization::Image
 can :manage, SiteCustomization::ContentBlock
+ can :manage, Widget::Card
 can :access, :ckeditor
 can :manage, Ckeditor::Picture
diff --git a/spec/models/abilities/administrator_spec.rb b/spec/models/abilities/administrator_spec.rb
index 873768d87..fd7f7a718 100644
--- a/spec/models/abilities/administrator_spec.rb
+++ b/spec/models/abilities/administrator_spec.rb
@@ -112,4 +112,6 @@ describe Abilities::Administrator do
 it { should be_able_to(:read, SDG::Manager) }
 it { should be_able_to(:create, SDG::Manager) }
 it { should be_able_to(:destroy, SDG::Manager) }
+
+ it { should be_able_to(:manage, Widget::Card) }
 end
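Review bot: `skip_authorization_check` is still kept as a context line at the top of cards_controller.rb, even though the two added `load_and_authorize_resource` calls now authorize both the page and its cards. If the base controller enables `check_authorization` (not visible in this diff), leaving the skip in place disables the safety net that would flag any later action that is excluded from, or added outside, the resource authorization. Consider dropping that line so the class body starts with `load_and_authorize_resource :page, class: "::SiteCustomization::Page"`. The now-empty `def index` would also benefit from a one-line comment such as `# @page and @cards are set by load_and_authorize_resource`, since the action no longer assigns the instance variables itself.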