diff --git a/app/assets/stylesheets/scaffolds.css.scss b/app/assets/stylesheets/scaffolds.css.scss index 61fedd4..02ff4b7 100644 --- a/app/assets/stylesheets/scaffolds.css.scss +++ b/app/assets/stylesheets/scaffolds.css.scss @@ -74,4 +74,4 @@ td, th { padding: 0.5em; } dt { font-weight: bold; } .notice { color: green; } .alert { color: red; } - +.hidden, .hidden a { color: #ccc; } diff --git a/app/models/ability.rb b/app/models/ability.rb index 57035eb..1c4ae6d 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -3,10 +3,11 @@ class Ability def initialize(user) if !user.nil? + # By default, users can only see their own stuff can :read, Card, :user_id => user.id can :read, Certification - can :read, User, :id => user.id + can :read, User, :id => user.id #TODO: why can users update themselves? can :read, UserCertification, :user_id => user.id # Admins can manage all @@ -24,6 +25,13 @@ class Ability can :read, User, :hidden => [nil,false] can :read, UserCertification end + + # Prevent all destruction for now + cannot :destroy, User + cannot :destroy, Card + cannot :destroy, Certification + cannot :destroy, UserCertification + cannot :destroy, DoorLog end # Define abilities for the passed in user here. For example: # diff --git a/app/views/certifications/index.html.erb b/app/views/certifications/index.html.erb index a429e00..222caf2 100644 --- a/app/views/certifications/index.html.erb +++ b/app/views/certifications/index.html.erb @@ -6,7 +6,7 @@ <% @certifications.each do |certification| %>
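Review bot: The new `#TODO: why can users update themselves?` is attached to a `can :read, User, :id => user.id` rule, which grants read only (CanCan aliases `:index` and `:show` to `:read`), so nothing in this hunk permits self-update; if users can in fact update themselves, that comes from a rule or controller outside this hunk and the TODO belongs there. The added `# By default, users can only see their own stuff` comment also overstates the scoping, since the `can :read, Certification` rule directly beneath it is unscoped. Suggest `# By default, users can read all certifications but only their own cards and user certifications`. The `initialize` body continues past this hunk.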
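Review bot: The five added `cannot :destroy` rules only take effect where the destroy actions are actually authorized against this Ability, and the diff shows no controller change; the companion view hunks in `app/views/certifications/index.html.erb` and `app/views/users/index.html.erb` merely hide the Destroy link behind `can?`, which is UI gating rather than enforcement, so a direct DELETE request would still reach any controller action that does not call `authorize!` or use `load_and_authorize_resource`. Worth confirming each affected controller does so, since that cannot be verified from this file. Placing the `cannot` rules at the very end of `initialize` looks correct for CanCan, where later rules take precedence over earlier ones such as those under `# Admins can manage all`, and that ordering dependency deserves a comment: `# Must stay after the admin rules: later CanCan rules override earlier ones`. The enclosing `initialize` begins before this hunk.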
-<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %>
+<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
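Review bot: The new `if can? :destroy, @user_certification` guard checks the instance variable `@user_certification` from inside a `@certifications.each do |certification|` loop, so the permission check is not tied to the row being rendered, and if the index action does not set `@user_certification` the check is evaluated against `nil` while the link target is `nil` as well. The subject of both the check and the `link_to` presumably should be the row's record; confirm which object the index action exposes per row and pass that same object to both. Most of this hunk's seven context lines are not visible here.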
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb index da10d93..69a5c53 100644 --- a/app/views/users/index.html.erb +++ b/app/views/users/index.html.erb @@ -31,7 +31,7 @@ <% if !@users.blank? %> <% @users.each do |user| %> -