diff --git a/warden_server/warden_server.py b/warden_server/warden_server.py
index ffe7ce3661240e507df4c5104180eecb75f789da..c68e7a1b0354d3e6eb4fea84ca4aa48dac860b63 100755
--- a/warden_server/warden_server.py
+++ b/warden_server/warden_server.py
@@ -305,6 +305,12 @@ class PlainAuthenticator(ObjectBase):
                 return None
             return client
 
+        if method.manage:
+            if not client.manage:
+                self.log.info("authorize: failed, client does not have manage enabled")
+                return None
+            return client
+
         if method.read:
             if not client.read:
                 self.log.info("authorize: failed, client does not have read enabled")
@@ -1431,13 +1437,14 @@ class PostgreSQL(DataBase):
         return ["DELETE FROM events WHERE id <= %s"], [(id_,)], 0
 
 
-def expose(read=True, write=False, debug=False):
+def expose(read=True, write=False, debug=False, manage=False):
 
     def expose_deco(meth):
         meth.exposed = True
         meth.read = read
         meth.write = write
         meth.debug = debug
+        meth.manage = manage
         if not hasattr(meth, "arguments"):
             meth.arguments = get_method_params(meth)
         return meth
@@ -1630,7 +1637,7 @@ class WardenHandler(ObjectBase):
             info["description"] = self.description
         return info
 
-    @expose(read=True)
+    @expose(manage=True)
     @json_wrapper
     def getClients(self):
         clients = self.db.get_clients()