diff --git a/App/Auth/auth.py b/App/Auth/auth.py
index 838cbeb..861f89a 100644
--- a/App/Auth/auth.py
+++ b/App/Auth/auth.py
@@ -1,15 +1,10 @@
-from flask import request, Blueprint, render_template, session, redirect, url_for
+from flask import request, Blueprint, render_template, session, current_app,redirect, url_for
 import os
 from .auth_route import route
 from Database.sql_provider import SQLProvider
-import json
 
 sql_provider = SQLProvider(os.path.join(os.path.dirname(__file__), 'sql'))
 auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
-db_config_path = os.path.join(os.path.dirname(__file__), os.pardir, 'Database/config.json')
-
-with open(db_config_path) as f:
-    config = json.load(f)
 
 @auth_bp.route('/', methods=['GET', 'POST'])
 def auth():
@@ -17,12 +12,12 @@ def auth():
         return render_template('auth.html')
     else:
         data = request.form.to_dict()
-        auth_data = route(config, data, sql_provider, 'auth.sql')
+        auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
         if auth_data.status:
             session.update({
                 'login': auth_data.result[0]['login'],
                 'role': auth_data.result[0]['role'],
-                'db_config': config,
+                'db_config': current_app.config['db_config'],
                 'permanent': True
             })
             return redirect(url_for('index'))
diff --git a/App/Report/sql/report1.sql b/App/Report/sql/report1.sql
new file mode 100644
index 0000000..bac1519
--- /dev/null
+++ b/App/Report/sql/report1.sql
@@ -0,0 +1,11 @@
+SELECT sellers.name AS 'Поставщик',
+	   w.date_of_delivery AS 'Дата поставки', 
+       SUM(wl.count) AS 'Общее количество заготовок', 
+       SUM(wl.price) AS 'Общая стоимость поставленных заготовок'
+FROM waybill w
+JOIN waybill_lines wl USING(waybill_id)
+JOIN workpiece USING(work_id)
+JOIN sellers USING(sel_id)
+WHERE workpiece.material = '${material}'
+AND (w.date_of_delivery BETWEEN '${date_from}' AND '${date_to}')
+GROUP BY sellers.name, w.date_of_delivery;
diff --git a/App/Requests/requests.py b/App/Requests/requests.py
index 17a982c..03af5ca 100644
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
@@ -14,12 +14,14 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
 
 @requests_bp.route('/', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def requests():
     if request.method == 'GET':
-        return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+        return render_template('zapros_menu.html', options=requests_list)
 
 @requests_bp.route('/req1', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def sklad_zapros():
     if request.method == 'GET':
         zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +40,26 @@ def sklad_zapros():
 
 @requests_bp.route('/req2', methods=['GET', 'POST'])
 @check_auth
+@group_required
+def zagotovki_ship():
+    if request.method == 'GET':
+        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
+        if zagotovki.status:
+            return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
+        else:
+            return render_template('error.html', error_message=zagotovki.error_message)
+    else:
+        material = dict(request.form)
+        zagotovki = route(session['db_config'], material, sql_provider, 'zapros2.sql')
+        if zagotovki.status:
+            header = f'Поставки заготовок из материала \'{material['material']}\''
+            return render_template('output.html', items=zagotovki.result, object=header)
+        else:
+            return render_template('error.html', error_message=zagotovki.error_message)
+        
+@requests_bp.route('/req3', methods=['GET', 'POST'])
+@check_auth
+@group_required
 def sellers_ship():
     if request.method == 'GET':
         zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -49,27 +71,9 @@ def sellers_ship():
             return render_template('error.html', error_message=zagotovki.error_message)
     else:
         seller = dict(request.form)
-        zagotovki = route(session['db_config'], seller, sql_provider, 'zapros2.sql')
+        zagotovki = route(session['db_config'], seller, sql_provider, 'zapros3.sql')
         if zagotovki.status:
-            header = f'Заготовки, поставленные поставщиком \'{seller['seller']}\''
-            return render_template('output.html', items=zagotovki.result, object=header)
-        else:
-            return render_template('error.html', error_message=zagotovki.error_message)
-        
-@requests_bp.route('/req3', methods=['GET', 'POST'])
-@check_auth
-def zagotovki_ship():
-    if request.method == 'GET':
-        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
-        if zagotovki.status:
-            return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
-        else:
-            return render_template('error.html', error_message=zagotovki.error_message)
-    else:
-        material = dict(request.form)
-        zagotovki = route(session['db_config'], material, sql_provider, 'zapros3.sql')
-        if zagotovki.status:
-            header = f'Поставки заготовок из материала \'{material['material']}\''
+            header = f'Поставки от поставщика \'{seller['seller']}\''
             return render_template('output.html', items=zagotovki.result, object=header)
         else:
             return render_template('error.html', error_message=zagotovki.error_message)
\ No newline at end of file
diff --git a/App/Requests/templates/zapros_menu.html b/App/Requests/templates/zapros_menu.html
index d930e6d..852a439 100644
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@
     <h1>Выберите вариант запроса</h1>
     <nav class="menu">
         {% for point in options %}
-            {% if current_role in point['roles'] %}
-                <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
-            {% endif %}
+            <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
         {% endfor %}
     </nav>
     <div class="return">
diff --git a/App/Requests/zapros_menu.json b/App/Requests/zapros_menu.json
index 865ba67..eacda20 100644
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
-    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
-    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
-    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]
\ No newline at end of file
diff --git a/App/app.py b/App/app.py
index b5cd26c..d8104d1 100644
--- a/App/app.py
+++ b/App/app.py
@@ -2,10 +2,16 @@ from flask import Flask, render_template, session
 from Requests.requests import requests_bp
 from Auth.auth import auth_bp
 from checker import check_auth
+import os, json
 
 app = Flask(__name__)
 app.secret_key = 'suplex'
 
+with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
+    app.config['db_access'] = json.load(f)
+with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
+    app.config['db_config'] = json.load(f)
+
 app.register_blueprint(requests_bp, url_prefix='/requests')
 app.register_blueprint(auth_bp, url_prefix='/auth')
 
diff --git a/App/checker.py b/App/checker.py
index 0f90868..eff7dd5 100644
--- a/App/checker.py
+++ b/App/checker.py
@@ -1,4 +1,4 @@
-from flask import redirect, url_for, session
+from flask import redirect, url_for, session, request, current_app
 from functools import wraps
 
 
@@ -8,4 +8,20 @@ def check_auth(func):
         if 'login' not in session:
             return redirect(url_for('auth_bp.auth'))
         return func(*args, **kwargs)
+    return wrapper
+
+
+def group_required(func):
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        if 'role' in session:
+            user_role = session.get('role')
+            user_request = request.endpoint
+            print('request_endpoint=', user_request)
+            user_bp = user_request.split('.')[0]
+            access = current_app.config['db_access']
+            if user_role in access and user_bp in access[user_role]:
+                return func(*args, **kwargs)
+            else:
+                return redirect(url_for('index'))
     return wrapper
\ No newline at end of file
diff --git a/App/Database/config.json b/App/data/config.json
similarity index 100%
rename from App/Database/config.json
rename to App/data/config.json
diff --git a/App/data/db_access.json b/App/data/db_access.json
new file mode 100644
index 0000000..116f540
--- /dev/null
+++ b/App/data/db_access.json
@@ -0,0 +1,4 @@
+{
+    "manager": ["auth_bp", "requests_bp"],
+    "admin": ["auth_bp", "requests_bp"]
+  }
\ No newline at end of file