diff --git a/aleksis/apps/maka/schema/effort.py b/aleksis/apps/maka/schema/effort.py
index 842c675d66d5348dd8b5ca69a5f37b4db383043a..73ce9fa3a9a45d7052283621b6d35c0bd7ee2a89 100644
--- a/aleksis/apps/maka/schema/effort.py
+++ b/aleksis/apps/maka/schema/effort.py
@@ -1,5 +1,10 @@
+from django.core.exceptions import PermissionDenied
+from django.db.models import Q
+
 from graphene_django.types import DjangoObjectType
+from guardian.shortcuts import get_objects_for_user
+from aleksis.core.models import Group
 from aleksis.core.schema.base import (
 BaseBatchCreateMutation,
 BaseBatchDeleteMutation,
@@ -7,6 +12,7 @@ from aleksis.core.schema.base import (
 DjangoFilterMixin,
 PermissionsTypeMixin,
 )
+from aleksis.core.util.core_helpers import get_site_preferences, has_person
 from ..models import Effort as EffortModel
 from ..models import EffortType as EffortTypeModel
@@ -29,6 +35,12 @@ class EffortTypeType(
 "name": ["icontains", "exact"],
 }
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ if info.context.user.has_perm("maka.view_efforttypes_rule"):
+ return queryset
+ raise PermissionDenied()
+
 class EffortTypeBatchCreateMutation(SharedSecretBatchCreateMixin, BaseBatchCreateMutation):
 class Meta:
@@ -70,6 +82,17 @@ class EffortType(SharedSecretObjectType, PermissionsTypeMixin, DjangoFilterMixin
 "name": ["icontains", "exact"],
 }
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ if info.context.user.has_perm("maka.view_effort"):
+ return queryset
+ elif has_person(info.context.user):
+ groups = get_objects_for_user(info.context.user, "core.view_efforts_group", Group).union(info.context.user.person.owner_of.all())
+ if get_site_preferences()["maka__view_own_efforts"]:
+ groups = groups.union(info.context.user.person.member_of.all())
+ return queryset.filter(group__in=groups.values_list("id", flat=True))
+ raise PermissionDenied()
+
 class EffortBatchCreateMutation(SharedSecretBatchCreateMixin, BaseBatchCreateMutation):
 class Meta:
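Review bot: The permission check in `EffortTypeType.get_queryset` only protects resolution paths that actually call `get_queryset`; whether fields that reach this type through a foreign key do so may depend on the graphene-django version in use, so it is worth confirming with a test. The same applies to `GradeSetType.get_queryset` and `GradeChoiceType.get_queryset` in grade_set.py. A docstring such as `"""Return the queryset unchanged if the user holds maka.view_efforttypes_rule, else raise PermissionDenied."""` would record that this is an all-or-nothing gate. The class body starts outside the hunk.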
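Review bot: In `EffortType.get_queryset` the allowed groups are built with `QuerySet.union()` and then used as a `group__in` subquery; Django restricts what may be done with a combined queryset, and whether it works inside a subquery depends on the Django version and database backend, so this should be verified or avoided. Expressing the three sources as OR-ed `Q(group__in=...)` conditions gives the same filter without a compound query, and it would also use the `Q` import added in the first hunk, which no added line shown here uses. `GradeType.get_queryset` in grade.py has the same construction with `effort__group__in`. The class body starts outside the hunk.

```python
    @classmethod
    def get_queryset(cls, queryset, info):
        user = info.context.user
        if user.has_perm("maka.view_effort"):
            return queryset
        if not has_person(user):
            raise PermissionDenied()
        person = user.person
        allowed = Q(group__in=get_objects_for_user(user, "core.view_efforts_group", Group))
        allowed |= Q(group__in=person.owner_of.all())
        if get_site_preferences()["maka__view_own_efforts"]:
            allowed |= Q(group__in=person.member_of.all())
        return queryset.filter(allowed)
```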
diff --git a/aleksis/apps/maka/schema/grade.py b/aleksis/apps/maka/schema/grade.py
index f5ca164c394f4212ed950a0e91aafbfa6cd2304c..cc8b41013730bd1687ff8f377dc310edd948a37e 100644
--- a/aleksis/apps/maka/schema/grade.py
+++ b/aleksis/apps/maka/schema/grade.py
@@ -1,5 +1,9 @@
+from django.core.exceptions import PermissionDenied
+
 from graphene_django.types import DjangoObjectType
+from guardian.shortcuts import get_objects_for_user
+from aleksis.core.models import Group
 from aleksis.core.schema.base import (
 BaseBatchCreateMutation,
 BaseBatchDeleteMutation,
@@ -7,6 +11,7 @@ from aleksis.core.schema.base import (
 DjangoFilterMixin,
 PermissionsTypeMixin,
 )
+from aleksis.core.util.core_helpers import get_site_preferences, has_person
 from ..models import Grade
 from .shared_secret import (
@@ -26,6 +31,17 @@ class GradeType(SharedSecretObjectType, PermissionsTypeMixin, DjangoFilterMixin,
 "name__lel": ["icontains", "exact"],
 }
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ if info.context.user.has_perm("maka.view_grade"):
+ return queryset
+ elif has_person(info.context.user):
+ groups = get_objects_for_user(info.context.user, "core.view_grades_group", Group).union(info.context.user.person.owner_of.all())
+ if get_site_preferences()["maka__view_own_grades"]:
+ groups = groups.union(info.context.user.person.member_of.all())
+ return queryset.filter(effort__group__in=groups.values_list("id", flat=True))
+ raise PermissionDenied()
+
 class GradeBatchCreateMutation(SharedSecretBatchCreateMixin, BaseBatchCreateMutation):
 class Meta:
diff --git a/aleksis/apps/maka/schema/grade_set.py b/aleksis/apps/maka/schema/grade_set.py
index fadd0fc987494b8e2ab5a359e74ac9095c9237a6..6240c42fb04c790b08d8bac0ed5740206c4ae2b1 100644
--- a/aleksis/apps/maka/schema/grade_set.py
+++ b/aleksis/apps/maka/schema/grade_set.py
@@ -1,3 +1,5 @@
+from django.core.exceptions import PermissionDenied
+
 from graphene_django.types import DjangoObjectType
 from aleksis.core.schema.base import (
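Review bot: With `maka__view_own_grades` enabled, `GradeType.get_queryset` adds every group the person is a member of to `groups` and then returns all grades whose effort belongs to one of those groups, so the filter is scoped by group and not by person. If the preference is meant to expose only a member's own grades (the Grade model is not visible here, so this is inferred from the preference name), members would also receive the grades of everyone else in the group. I'd keep the `owner_of` and `core.view_grades_group` sources group-scoped and additionally restrict the `member_of` branch by the grade's person relation. If group-wide visibility is intended, add `# NOTE: group members see all grades of the group's efforts, not only their own` above the `member_of` line. The class body starts outside the hunk.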
@@ -28,6 +30,12 @@ class GradeSetType(
 "name": ["icontains", "exact"],
 }
+ @classmethod
+ def get_queryset(cls, queryset, info):
+ if info.context.user.has_perm("maka.view_gradesets_rule"):
+ return queryset
+ raise PermissionDenied()
+
 class GradeSetBatchCreateMutation(SharedSecretBatchCreateMixin, BaseBatchCreateMutation):
 class Meta:
@@ -64,7 +72,9 @@ class GradeChoiceType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectType)
 @classmethod
 def get_queryset(cls, queryset, info):
- return queryset.order_by("order")
+ if info.context.user.has_perm("maka.view_gradechoices_rule"):
+ return queryset.order_by("order")
+ raise PermissionDenied()
 class GradeChoiceBatchCreateMutation(BaseBatchCreateMutation):