diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py index 93b11cdc9..7c0514aab 100644 --- a/app/main/views/dashboard.py +++ b/app/main/views/dashboard.py @@ -15,7 +15,7 @@ from app.utils import user_has_permissions @main.route("/services//dashboard") @login_required -@user_has_permissions() +@user_has_permissions('view_activity', admin_override=True) def service_dashboard(service_id): templates = templates_dao.get_service_templates(service_id)['data'] jobs = job_api_client.get_job(service_id)['data'] diff --git a/app/main/views/jobs.py b/app/main/views/jobs.py index 4e5082d31..124b12172 100644 --- a/app/main/views/jobs.py +++ b/app/main/views/jobs.py @@ -6,24 +6,20 @@ from flask import ( render_template, abort, jsonify, - flash, - redirect, - request, - url_for + request ) from flask_login import login_required from utils.template import Template from app import job_api_client, notification_api_client from app.main import main -from app.main.dao import templates_dao -from app.main.dao import services_dao +from app.main.dao import (services_dao, templates_dao) from app.utils import (get_page_from_request, generate_previous_next_dict, user_has_permissions) @main.route("/services//jobs") @login_required -@user_has_permissions() +@user_has_permissions('view_activity', admin_override=True) def view_jobs(service_id): jobs = job_api_client.get_job(service_id)['data'] return render_template( @@ -35,7 +31,7 @@ def view_jobs(service_id): @main.route("/services//jobs/") @login_required -@user_has_permissions() +@user_has_permissions('view_activity', admin_override=True) def view_job(service_id, job_id): service = services_dao.get_service_by_id_or_404(service_id) job = job_api_client.get_job(service_id, job_id)['data'] 
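Review bot: The rewritten import in the jobs.py import hunk, `from app.main.dao import (services_dao, templates_dao)`, wraps a one-line import in parentheses that serve no purpose; the conventional form is `from app.main.dao import services_dao, templates_dao`. Dropping `flash`, `redirect` and `url_for` from the `flask` import is consistent with nothing in the visible hunks using them, but most of jobs.py is outside this diff, so a linter pass for unused/undefined names is worth running before merge.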
@@ -64,7 +60,7 @@ def view_job(service_id, job_id): @main.route("/services//jobs/.json") @login_required -@user_has_permissions() +@user_has_permissions('view_activity') def view_job_updates(service_id, job_id): service = services_dao.get_service_by_id_or_404(service_id) job = job_api_client.get_job(service_id, job_id)['data'] @@ -92,7 +88,7 @@ def view_job_updates(service_id, job_id): @main.route('/services//notifications') @login_required -@user_has_permissions() +@user_has_permissions('view_activity', admin_override=True) def view_notifications(service_id): # TODO get the api to return count of pages as well. page = get_page_from_request() @@ -121,7 +117,7 @@ def view_notifications(service_id): @main.route("/services//jobs//notification/") @login_required -@user_has_permissions() +@user_has_permissions('view_activity', admin_override=True) def view_notification(service_id, job_id, notification_id): now = time.strftime('%H:%M') diff --git a/app/main/views/send.py b/app/main/views/send.py index 9f252292d..6da51784a 100644 --- a/app/main/views/send.py +++ b/app/main/views/send.py @@ -66,7 +66,11 @@ def get_page_headings(template_type): @main.route("/services//send/", methods=['GET']) @login_required -@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', 'manage_api_keys', +@user_has_permissions('view_activity', + 'send_texts', + 'send_emails', + 'manage_templates', + 'manage_api_keys', admin_override=True, or_=True) def choose_template(service_id, template_type): diff --git a/app/templates/main_nav.html b/app/templates/main_nav.html index 0a2d26ed3..09c2229fd 100644 --- a/app/templates/main_nav.html +++ b/app/templates/main_nav.html 
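Review bot: The `view_job_updates` hunk grants `'view_activity'` without `admin_override=True`, whereas the sibling `view_job` page and the `view_jobs`, `view_notifications` and `view_notification` views in this same file all pass `admin_override=True`. If `admin_override` does what its name suggests, a platform admin can open the job page but the `.json` endpoint it presumably polls will be refused, so the page loads but never updates. Unless the omission is deliberate, the line should read `@user_has_permissions('view_activity', admin_override=True)`; if it is deliberate, a short comment above the decorator explaining why would stop the next reader from "fixing" it. The body of `view_job_updates` continues outside the hunk.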
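Review bot: The new permission list for `choose_template` in the send.py hunk drops `'send_letters'`, which the old line included, while the `main_nav.html` hunk later in this diff still shows the send link to users holding any of `['send_texts', 'send_emails', 'send_letters']`. A user whose only sending permission is `send_letters` would therefore see the link but be refused by the route. If dropping letters is intended, the nav check should change to match; otherwise `'send_letters',` should go back into the list after `'send_emails',`. The body of `choose_template` is outside the hunk.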
@@ -2,15 +2,17 @@ + {% if current_user.has_permissions(['view_activity'], admin_override=True) %} + {% endif %} {% if current_user.has_permissions(['send_texts', 'send_emails', 'send_letters']) %} - {% elif current_user.has_permissions(['manage_templates','manage_api_keys'], admin_override=True, or_=True) %} + {% elif current_user.has_permissions(['view_activity', 'manage_templates','manage_api_keys'], admin_override=True, or_=True) %} - {% else %} + {% endif %} + {% if current_user.has_permissions(['view_activity'], admin_override=True) %} diff --git a/app/templates/views/manage-users.html b/app/templates/views/manage-users.html index 0a7a5ada9..aa626e5f5 100644 --- a/app/templates/views/manage-users.html +++ b/app/templates/views/manage-users.html @@ -63,7 +63,9 @@ Manage users – GOV.UK Notify {{ boolean_field(item.has_permissions(permissions=['manage_api_keys', 'access_developer_docs'])) }} {% if item.status == 'pending' %} {% call field(align='right') %} - Cancel invitation + {% if current_user.has_permissions(['manage_users']) %} + Cancel invitation + {% endif %} {% endcall %} {% else %} {% call field() %} diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py index 34fcf71e2..6ef4127aa 100644 --- a/tests/app/main/views/test_dashboard.py +++ b/tests/app/main/views/test_dashboard.py @@ -48,7 +48,7 @@ def test_menu_send_messages(mocker, app_, api_user_active, service_one, mock_get app_, api_user_active, service_one, - ['send_texts', 'send_emails', 'send_letters']) + ['view_activity', 'send_texts', 'send_emails', 'send_letters']) page = resp.get_data(as_text=True) assert url_for( 'main.choose_template', 
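Review bot: Wrapping the "Cancel invitation" link in `{% if current_user.has_permissions(['manage_users']) %}` in manage-users.html only hides the control; it does not restrict the cancel action itself. The view that handles cancelling an invitation is not part of this diff, so it is worth confirming it carries a matching `@user_has_permissions('manage_users')` decorator — otherwise a user without the permission can still reach that URL directly. A one-line template comment next to the new condition noting that the server-side check is the real guard would make that dependency visible to future editors.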
@@ -74,7 +74,7 @@ def test_menu_manage_service(mocker, app_, api_user_active, service_one, mock_ge app_, api_user_active, service_one, - ['manage_users', 'manage_templates', 'manage_settings']) + ['view_activity', 'manage_users', 'manage_templates', 'manage_settings']) page = resp.get_data(as_text=True) assert url_for( 'main.choose_template', @@ -99,7 +99,7 @@ def test_menu_manage_api_keys(mocker, app_, api_user_active, service_one, mock_g app_, api_user_active, service_one, - ['manage_api_keys', 'access_developer_docs']) + ['view_activity', 'manage_api_keys', 'access_developer_docs']) page = resp.get_data(as_text=True) assert url_for( 'main.choose_template', @@ -159,6 +159,6 @@ def test_route_for_service_permissions(mocker, url_for( route, service_id=service_one['id']), - [], + ['view_activity'], api_user_active, service_one) diff --git a/tests/app/main/views/test_templates.py b/tests/app/main/views/test_templates.py index d8096f675..af85ffce4 100644 --- a/tests/app/main/views/test_templates.py +++ b/tests/app/main/views/test_templates.py @@ -154,6 +154,27 @@ def test_route_permissions(mocker, service_one) +def test_route_permissions_for_choose_tempalte(mocker, + app_, + api_user_active, + service_one, + mock_get_service_template): + with app_.test_request_context(): + validate_route_permission( + mocker, + app_, + "GET", + 200, + url_for( + 'main.choose_template', + service_id=service_one['id'], + template_type='sms', + template_id=123), + ['view_activity'], + api_user_active, + service_one) + + def test_route_invalid_permissions(mocker, app_, api_user_active, @@ -175,6 +196,6 @@ def test_route_invalid_permissions(mocker, service_id=service_one['id'], template_type='sms', template_id=123), - ['blah'], + ['view_activity'], api_user_active, service_one)
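Review bot: The new test's name, `test_route_permissions_for_choose_tempalte`, misspells "template"; rename it to `test_route_permissions_for_choose_template` before it gets copied elsewhere. Its `url_for('main.choose_template', ...)` call also passes `template_id=123`, but the signature shown in the send.py hunk is `def choose_template(service_id, template_type)`, so that argument appears to end up as an unread query-string parameter; dropping it keeps the test honest about what it exercises. In `test_route_invalid_permissions`, swapping `['blah']` for `['view_activity']` only remains a negative test if the route under test rejects `view_activity` — that route name is outside the hunk, so please confirm.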