diff --git a/administrator/components/com_guidedtours/access.xml b/administrator/components/com_guidedtours/access.xml index ca9c707806b59..2c4945a78818e 100644 --- a/administrator/components/com_guidedtours/access.xml +++ b/administrator/components/com_guidedtours/access.xml @@ -11,8 +11,10 @@
+ +
diff --git a/administrator/components/com_guidedtours/src/Controller/StepController.php b/administrator/components/com_guidedtours/src/Controller/StepController.php
index 172062bcd7ae8..01a0a992ea131 100644
--- a/administrator/components/com_guidedtours/src/Controller/StepController.php
+++ b/administrator/components/com_guidedtours/src/Controller/StepController.php
@@ -11,6 +11,7 @@
 namespace Joomla\Component\Guidedtours\Administrator\Controller;
 
 use Joomla\CMS\MVC\Controller\FormController;
+use Joomla\Utilities\ArrayHelper;
 
 // phpcs:disable PSR1.Files.SideEffects
 \defined('_JEXEC') or die;
@@ -23,4 +24,67 @@
 */
 class StepController extends FormController
 {
+ /**
+ * Method override to check if you can add a new record.
+ *
+ * @param array $data An array of input data.
+ *
+ * @return boolean
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ protected function allowAdd($data = [])
+ {
+ $tourId = ArrayHelper::getValue($data, 'tour_id', $this->app->getUserState('com_guidedtours.tour_id', 0), 'int');
+
+ if ($tourId) {
+ // If the category has been passed in the data or URL check it.
+ return $this->app->getIdentity()->authorise('core.create', 'com_guidedtours.tour.' . $tourId);
+ }
+
+ // In the absence of better information, revert to the component permissions.
+ return parent::allowAdd();
+ }
+
+ /**
+ * Method override to check if you can edit an existing record.
+ *
+ * @param array $data An array of input data.
+ * @param string $key The name of the key for the primary key.
+ *
+ * @return boolean
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ protected function allowEdit($data = [], $key = 'id')
+ {
+ $recordId = (int)$data[$key] ?? 0;
+ $user = $this->app->getIdentity();
+ $tourId = (int)$data['tour_id'] ?? $this->app->getUserState('com_guidedtours.tour_id', 0);
+
+ // Zero record (id:0), return component edit permission by calling parent controller method
+ if (!$recordId) {
+ return parent::allowEdit($data, $key);
+ }
+
+ // Check edit on the record asset
+ if ($user->authorise('core.edit', 'com_guidedtours.tour.' . $tourId)) {
+ return true;
+ }
+
+ // Check edit own on the record asset
+ if ($user->authorise('core.edit.own', 'com_guidedtours.tour.' . $tourId)) {
+ // Existing record already has an owner, get it
+ $record = $this->getModel()->getItem($recordId);
+
+ if (empty($record)) {
+ return false;
+ }
+
+ // Grant if current user is owner of the record
+ return $user->id == $record->created_by;
+ }
+
+ return false;
+ }
 }
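Review bot: In allowEdit the tour used for the `core.edit` / `core.edit.own` check comes from the submitted data (`$data['tour_id']`, else user state) rather than from the stored step, so the permission is evaluated against whichever tour the submitter names instead of the tour the step actually belongs to; the tour id should be read from the record returned by `getItem($recordId)`. The expressions `(int)$data[$key] ?? 0` and `(int)$data['tour_id'] ?? ...` apply the cast before `??`, so a missing key raises an undefined-array-key warning and the fallback (including the user-state fallback for `tour_id`) never runs — the same pattern appears in TourController::allowEdit; the intended form is `(int) ($data[$key] ?? 0)`. The owner check `$user->id == $record->created_by` is a loose comparison and should be `(int) $user->id === (int) $record->created_by`. In allowAdd the comment `// If the category has been passed in the data or URL check it.` is copied from another component and should read `// If the tour has been passed in the data or URL, check it.`.
```php
protected function allowEdit($data = [], $key = 'id')
{
    $recordId = (int) ($data[$key] ?? 0);
    $user     = $this->app->getIdentity();

    // Zero record (id:0): fall back to the component-level edit permission.
    if (!$recordId) {
        return parent::allowEdit($data, $key);
    }

    // Resolve the parent tour from the stored step, never from the submitted data.
    $record = $this->getModel()->getItem($recordId);

    if (empty($record) || empty($record->tour_id)) {
        return false;
    }

    $asset = 'com_guidedtours.tour.' . (int) $record->tour_id;

    if ($user->authorise('core.edit', $asset)) {
        return true;
    }

    // Edit own: grant only when the current user owns the step.
    if ($user->authorise('core.edit.own', $asset)) {
        return (int) $user->id === (int) $record->created_by;
    }

    return false;
}
```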
diff --git a/administrator/components/com_guidedtours/src/Controller/TourController.php b/administrator/components/com_guidedtours/src/Controller/TourController.php
index 509a9e17f6f92..082d49a6fe6b4 100644
--- a/administrator/components/com_guidedtours/src/Controller/TourController.php
+++ b/administrator/components/com_guidedtours/src/Controller/TourController.php
@@ -23,4 +23,54 @@
 */
 class TourController extends FormController
 {
+ /**
+ * Method to check if you can add a new record.
+ *
+ * @param array $data An array of input data.
+ *
+ * @return boolean
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ protected function allowAdd($data = [])
+ {
+ return $this->app->getIdentity()->authorise('core.create', $this->option);
+ }
+
+ /**
+ * Method to check if you can edit a record.
+ *
+ * @param array $data An array of input data.
+ * @param string $key The name of the key for the primary key.
+ *
+ * @return boolean
+ *
+ * @since __DEPLOY_VERSION__
+ */
+ protected function allowEdit($data = [], $key = 'id')
+ {
+ $recordId = (int)$data[$key] ?? 0;
+ $user = $this->app->getIdentity();
+
+ // Check "edit" permission on record asset
+ if ($user->authorise('core.edit', 'com_guidedtours.tour.' . $recordId)) {
+ return true;
+ }
+
+ // Check "edit own" permission on record asset
+ if ($user->authorise('core.edit.own', 'com_guidedtours.tour.' . $recordId)) {
+ // Need to do a lookup from the model to get the owner
+ $record = $this->getModel()->getItem($recordId);
+
+ if (empty($record)) {
+ return false;
+ }
+
+ if ($record->created_by == $user->id) {
+ return true;
+ }
+ }
+
+ return false;
+ }
 }
diff --git a/administrator/components/com_guidedtours/src/View/Step/HtmlView.php b/administrator/components/com_guidedtours/src/View/Step/HtmlView.php
index b6f5a1d8ccbe4..1ab627a1ae9cc 100644
--- a/administrator/components/com_guidedtours/src/View/Step/HtmlView.php
+++ b/administrator/components/com_guidedtours/src/View/Step/HtmlView.php
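Review bot: In allowEdit a new record (`$recordId` of 0) is checked against the asset name `com_guidedtours.tour.0`, which matches no stored asset, instead of deferring to the base controller as StepController::allowEdit does; what `authorise()` returns for an unknown asset name depends on how the access layer resolves it and should not be relied on, so add `if (!$recordId) { return parent::allowEdit($data, $key); }` before the asset checks. The cast precedence in `$recordId = (int)$data[$key] ?? 0;` also means a missing key warns and never falls back to 0; `(int) ($data[$key] ?? 0)` is what is intended. allowAdd appears to duplicate what the base FormController already does (`core.create` on `$this->option`); if that is the case it can be dropped, otherwise its docblock should state what differs. The owner test `$record->created_by == $user->id` should be strict after int casts, `(int) $record->created_by === (int) $user->id`.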
@@ -97,7 +97,7 @@ protected function addToolbar() $userId = $user->id; $isNew = empty($this->item->id); - $canDo = ContentHelper::getActions('com_guidedtours'); + $canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->item->tour_id); ToolbarHelper::title(Text::_('COM_GUIDEDTOURS') . ' - ' . ($isNew ? Text::_('COM_GUIDEDTOURS_MANAGER_STEP_NEW') : Text::_('COM_GUIDEDTOURS_MANAGER_STEP_EDIT')), 'map-signs'); diff --git a/administrator/components/com_guidedtours/src/View/Steps/HtmlView.php b/administrator/components/com_guidedtours/src/View/Steps/HtmlView.php index 1ed524747910c..85ae43dbfae7b 100644 --- a/administrator/components/com_guidedtours/src/View/Steps/HtmlView.php +++ b/administrator/components/com_guidedtours/src/View/Steps/HtmlView.php @@ -122,7 +122,7 @@ protected function addToolbar() // Get the toolbar object instance $toolbar = Toolbar::getInstance('toolbar'); - $canDo = ContentHelper::getActions('com_guidedtours'); + $canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->state->get('filter.tour_id', 0)); $app = Factory::getApplication(); $user = $app->getIdentity(); diff --git a/administrator/components/com_guidedtours/src/View/Tour/HtmlView.php b/administrator/components/com_guidedtours/src/View/Tour/HtmlView.php index 422a07b1a1f44..3aa28bd0e4371 100644 --- a/administrator/components/com_guidedtours/src/View/Tour/HtmlView.php +++ b/administrator/components/com_guidedtours/src/View/Tour/HtmlView.php 
@@ -94,13 +94,11 @@ protected function addToolbar() { Factory::getApplication()->input->set('hidemainmenu', true); - $user = Factory::getUser(); + $user = Factory::getApplication()->getIdentity(); $userId = $user->id; $isNew = empty($this->item->id); - $canDo = ContentHelper::getActions('com_guidedtours'); - - $toolbar = Toolbar::getInstance(); + $canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->item->id); ToolbarHelper::title(Text::_('COM_GUIDEDTOURS') . ' - ' . ($isNew ? Text::_('COM_GUIDEDTOURS_MANAGER_TOUR_NEW') : Text::_('COM_GUIDEDTOURS_MANAGER_TOUR_EDIT')), 'map-signs'); diff --git a/administrator/components/com_guidedtours/tmpl/steps/default.php b/administrator/components/com_guidedtours/tmpl/steps/default.php index 9a3ad40c165fe..59a4bf63e8cb5 100644 --- a/administrator/components/com_guidedtours/tmpl/steps/default.php +++ b/administrator/components/com_guidedtours/tmpl/steps/default.php @@ -27,15 +27,19 @@ $wa->useScript('table.columns') ->useScript('multiselect'); -$app = Factory::getApplication(); -$user = $app->getIdentity(); +$user = Factory::getApplication()->getIdentity(); $userId = $user->get('id'); $listOrder = $this->escape($this->state->get('list.ordering')); $listDirn = $this->escape($this->state->get('list.direction')); $saveOrder = $listOrder == 'a.ordering'; $section = null; $mode = false; -$tour_id = $this->state->get('filter.tour_id'); +$tourId = $this->state->get('filter.tour_id'); + +$canEdit = $user->authorise('core.edit', 'com_guidedtours.tour.' . $tourId); +$canEditOwnTour = $user->authorise('core.edit.own', 'com_guidedtours.tour.' . $tourId); +$canEditStateTour = $user->authorise('core.edit.state', 'com_guidedtours.tour.' . $tourId); +$hasCheckinPermission = $user->authorise('core.manage', 'com_checkin'); if ($saveOrder && !empty($this->items)) { $saveOrderingUrl = 'index.php?option=com_guidedtours&task=steps.saveOrderAjax&tmpl=component&' . Session::getFormToken() . '=1'; @@ -43,7 +47,7 @@ } ?> -
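Review bot: Removing `$toolbar = Toolbar::getInstance();` leaves `$toolbar` undefined for the remainder of addToolbar, which continues outside the hunk; if any later line still calls a method on `$toolbar` this now fails at runtime, and if nothing does, the `Toolbar` import is unused and should be removed too. Separately, `ContentHelper::getActions('com_guidedtours', 'tour', $this->item->id)` is called with an empty id for a new tour; presumably the helper falls back to the component asset in that case, but a comment such as `// New tour has no asset yet; helper falls back to component permissions` would make that reliance explicit.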
" data-direction="" data-nested="true" > items as $i => $item) : - $canEdit = $user->authorise('core.edit', 'com_guidedtours' . '.step.' . $item->id); - $canCheckin = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out); - $canChange = $user->authorise('core.edit.state', 'com_guidedtours' . '.step.' . $item->id) && $canCheckin; + $canEditOwn = $canEditOwnTour && $item->created_by == $userId; + $canCheckin = $hasCheckinPermission || $item->checked_out == $userId || is_null($item->checked_out); + $canChange = $canEditStateTour && $canCheckin; ?> @@ -186,7 +190,7 @@ class="js-draggable" data-url="" data-direction=" checked_out) : ?> editor, $item->checked_out_time, 'steps.', $canCheckin); ?> - + escape($item->title); ?> diff --git a/administrator/components/com_guidedtours/tmpl/tours/default.php b/administrator/components/com_guidedtours/tmpl/tours/default.php index c44b36f6ffc5e..c2a283abd16e9 100644 --- a/administrator/components/com_guidedtours/tmpl/tours/default.php +++ b/administrator/components/com_guidedtours/tmpl/tours/default.php @@ -148,9 +148,10 @@ class="js-draggable" data-url="" data-direction="" data-nested="true" > items as $i => $item) : - $canEdit = $user->authorise('core.edit', 'com_guidedtours' . '.tour.' . $item->id); + $canEdit = $user->authorise('core.edit', 'com_guidedtours.tour.' . $item->id); + $canEditOwn = $user->authorise('core.edit.own', 'com_guidedtours.tour.' . $item->id) && $item->created_by == $userId; $canCheckin = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out); - $canChange = $user->authorise('core.edit.state', 'com_guidedtours' . '.tour.' . $item->id) && $canCheckin; + $canChange = $user->authorise('core.edit.state', 'com_guidedtours.tour.' . $item->id) && $canCheckin; ?> 
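Review bot: `$tourId = $this->state->get('filter.tour_id');` has no default, so when no tour filter is set the three `authorise()` calls below it are evaluated against the asset name `com_guidedtours.tour.` (an empty id), which matches no stored asset; what the access layer returns for such a name should not be relied on for `$canEdit`, `$canEditOwnTour` and `$canEditStateTour`. The Steps view in this same commit uses `$this->state->get('filter.tour_id', 0)`, so mirror it here: `$tourId = (int) $this->state->get('filter.tour_id', 0);` and treat 0 explicitly (for example, compute the three flags only when `$tourId` is non-zero and default them to `false` otherwise). Note also that the per-item checks were moved from `com_guidedtours.step.<id>` assets to the parent tour asset, which is a behaviour change worth a one-line comment above the flags, e.g. `// Step permissions are inherited from the parent tour asset`. The rest of the template is outside the hunk.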
@@ -197,7 +198,7 @@ class="js-draggable" data-url="" data-direction=" checked_out) : ?> editor, $item->checked_out_time, 'tours.', $canCheckin); ?> - + escape($item->title); ?>