diff --git a/opigno_learning_path.routing.yml b/opigno_learning_path.routing.yml
index c342c63..8a40e17 100644
--- a/opigno_learning_path.routing.yml
+++ b/opigno_learning_path.routing.yml
@@ -307,7 +307,8 @@ opigno_learning_path.results:
 _title: 'Results'
 mode: 'results'
 requirements:
- _custom_access: '\Drupal\opigno_learning_path\Controller\LearningPathResults::access' # TODO: Put final access
+ _entity_access: 'group.view'
+ #todo dynamic access to this handler based on whether results exist?
 options:
 parameters:
 group:
@@ -322,7 +323,8 @@ opigno_learning_path.results.delete:
 _title: 'Results'
 mode: 'delete'
 requirements:
- _custom_access: '\Drupal\opigno_learning_path\Controller\LearningPathResults::access' # TODO: Put final access
+ _csrf_token: 'TRUE'
+ _entity_access: 'result.delete'
 options:
 parameters:
 group:
diff --git a/src/Entity/LPResult.php b/src/Entity/LPResult.php
index 74ff5a3..a6be637 100644
--- a/src/Entity/LPResult.php
+++ b/src/Entity/LPResult.php
@@ -24,6 +24,9 @@ use Drupal\user\Entity\User;
 * "learning_path_id" = "learning_path_id",
 * "user_id" = "user_id",
 * "has_passed" = "has_passed"
+ * },
+ * handlers = {
+ * "access" = "Drupal\opigno_learning_path\LPResultAccessControlHandler",
 * }
 * )
 */
diff --git a/src/LPResultAccessControlHandler.php b/src/LPResultAccessControlHandler.php
new file mode 100644
index 0000000..a2ee547
--- /dev/null
+++ b/src/LPResultAccessControlHandler.php
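Review bot: The new `_entity_access: 'group.view'` requirement on `opigno_learning_path.results` is coarser than the per-result rule this same commit introduces in `LPResultAccessControlHandler::checkAccess` (owner, or the group permission `view all results`), so any account able to view the group reaches the results page regardless of whose results it lists. Unless the `mode: 'results'` controller (`LearningPathResults`, per the removed line) filters each LPResult it renders through `$result->access('view', $account)`, this broadens access compared with the replaced `_custom_access` callback; the added `#todo` line suggests the final rule is still open. Either per-row filtering in the controller or a `_custom_access` requirement that combines `group.view` with the `view all results` check would keep the route in step with the entity handler. As a style point, a `# TODO: …` comment placed above `requirements:` rather than inside it would read more clearly.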
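Review bot: `_entity_access: 'result.delete'` only takes effect if the route has a `{result}` path parameter that is upcast to the LPResult entity; the `options.parameters` block visible here declares only `group:` and the remaining parameter lines lie outside the hunk, so it is worth confirming an entry such as `result: { type: 'entity:<lp_result_entity_type_id>' }` (placeholder for the entity type id declared in LPResult.php) exists. Without the upcast, `EntityAccessCheck` finds no entity and returns neutral, which fails closed but leaves the route unusable. Adding `_csrf_token: 'TRUE'` to this state-changing GET route is the right call and complements, rather than replaces, the entity-level check.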
@@ -0,0 +1,62 @@
+getLearningPath();
+ $is_owner = ($entity->getUserId() == $account->id());
+
+ if (empty($group) || !is_object($group)) {
+ return AccessResult::forbidden(); // Should be ::neutral()?
+ }
+
+ if ($group->getGroupType()->id() != 'learning_path') {
+ throw new AccessException('LPResult associated with wrong group type!');
+ }
+
+ switch ($operation) {
+ case 'view':
+ // Allow user to view their own results.
+ return AccessResult::allowedIf($is_owner or $group->hasPermission('view all results', $account));
+
+ case 'edit':
+ return AccessResult::allowedIf(($is_owner && $group->hasPermission('edit own results', $account)) or $group->hasPermission('edit all results', $account));
+
+ case 'delete':
+ return AccessResult::allowedIf(($is_owner && $group->hasPermission('delete own results', $account)) or $group->hasPermission('delete all results', $account));
+ }
+ // Unknown operation, return neutral (will be denied if all access control handlers return neutral)
+ return AccessResult::neutral();
+ }
+
+ /**
+ * {@inheritdoc}
+ *
+ * Separate from the checkAccess because the entity does not yet exist, it
+ * will be created during the 'add' process.
+ */
+ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
+ // @todo Figure out creation.
+ return AccessResult::allowed();
+ }
+
+}
\ No newline at end of file
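Review bot: `checkCreateAccess` returns `AccessResult::allowed()` unconditionally, so once this handler is registered any account, including anonymous, is granted create access to LPResult entities; until the creation rule is decided it should fail closed with `return AccessResult::neutral();` (or `forbidden()`), which is what the `// @todo` already implies. In `checkAccess`, `$is_owner` is computed with `==`; if `getUserId()` can be NULL or an empty string for a result without an owner, `NULL == 0` is TRUE and the anonymous account (uid 0) would be treated as the owner, which `$is_owner = ((int) $entity->getUserId() === (int) $account->id()) && $account->id() > 0;` avoids. The three `allowedIf(...)` results depend on the account and on the group's permissions but carry no cacheability metadata, so when they are bubbled into render arrays (for example as `#access` on an edit or delete link) they may be cached across users; add `->cachePerUser()->addCacheableDependency($entity)` (or `cachePerPermissions()` where only permissions matter) to each. Separately, Drupal core names the edit operation `'update'`, so the `case 'edit':` branch is only reached if callers pass that non-standard string and the update form would otherwise fall through to `neutral()`. The file's opening lines (namespace, `use` statements, class declaration and the start of `checkAccess`) are not legible in this view and remain unreviewed.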