diff --git a/plinth/frontpage.py b/plinth/frontpage.py
index c0a69b892..6b0eb630c 100644
--- a/plinth/frontpage.py
+++ b/plinth/frontpage.py
@@ -14,22 +14,41 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
-
 """
 Manage application shortcuts on front page.
 """
+from . import actions
 
 shortcuts = {}
 
 
-def get_shortcuts():
+def get_shortcuts(username):
     """Return menu items in sorted order according to current locale."""
-    return sorted(shortcuts.values(), key=lambda item: item['label'])
+    if username:
+        shortcuts_to_return = {}
+        output = actions.superuser_run('users', ['get-user-groups', username])
+        user_groups = set(output.strip().split('\n'))
+
+        if 'admin' in user_groups:
+            # Admin has access to all services
+            return sorted(shortcuts.values(), key=lambda item: item['label'])
+
+        for shortcut_id, shortcut in shortcuts.items():
+            if shortcut['allowed_groups']:
+                if not user_groups.isdisjoint(shortcut['allowed_groups']):
+                    shortcuts_to_return[shortcut_id] = shortcut
+            else:
+                shortcuts_to_return[shortcut_id] = shortcut
+
+        return sorted(shortcuts_to_return.values(),
+                      key=lambda item: item['label'])
+    else:
+        return sorted(shortcuts.values(), key=lambda item: item['label'])
 
 
 def add_shortcut(shortcut_id, name, short_description="", login_required=False,
-                 icon=None, url=None,
-                 details=None, configure_url=None):
+                 icon=None, url=None, details=None, configure_url=None,
+                 allowed_groups=None):
     """Add shortcut to front page."""
 
     if not url:
@@ -51,7 +70,8 @@ def add_shortcut(shortcut_id, name, short_description="", login_required=False,
         'login_required': login_required,
         'details': details,
         'configure_url': configure_url,
-        'hidden': False
+        'hidden': False,
+        'allowed_groups': allowed_groups
     }
 
 
@@ -61,6 +81,7 @@ def remove_shortcut(shortcut_id):
 
     If shortcut_id ends with *, remove all shortcuts with that prefix.
     """
+
     def match(item):
         if shortcut_id[-1] == '*':
             return item['id'].startswith(shortcut_id[:-1])
@@ -68,9 +89,10 @@ def remove_shortcut(shortcut_id):
         return item['id'] == shortcut_id
 
     global shortcuts
-    shortcuts = {shortcut_id: shortcut
-                 for shortcut_id, shortcut in shortcuts.items()
-                 if not match(shortcut)}
+    shortcuts = {
+        shortcut_id: shortcut
+        for shortcut_id, shortcut in shortcuts.items() if not match(shortcut)
+    }
 
 
 def hide_shortcut(shortcut_id, hide=True):
diff --git a/plinth/modules/api/views.py b/plinth/modules/api/views.py
index c9e14bbc7..0f230d784 100644
--- a/plinth/modules/api/views.py
+++ b/plinth/modules/api/views.py
@@ -43,9 +43,10 @@ def access_info(request, **kwargs):
 def shortcuts(request, **kwargs):
     """API view to return the list of frontpage services."""
     # XXX: Get the module (or module name) from shortcut properly.
+    username = str(request.user) if request.user.is_authenticated else None
     shortcuts = [
         _get_shortcut_data(shortcut['id'].split('_')[0], shortcut)
-        for shortcut in frontpage.get_shortcuts()
+        for shortcut in frontpage.get_shortcuts(username)
     ]
     response = {'shortcuts': shortcuts}
     return HttpResponse(
diff --git a/plinth/modules/deluge/__init__.py b/plinth/modules/deluge/__init__.py
index e3d6e2973..5bd18169b 100644
--- a/plinth/modules/deluge/__init__.py
+++ b/plinth/modules/deluge/__init__.py
@@ -91,7 +91,7 @@ def setup(helper, old_version=None):
 
 def add_shortcut():
     frontpage.add_shortcut('deluge', name, short_description, url='/deluge',
-                           login_required=True)
+                           login_required=True, allowed_groups=[group[0]])
 
 
 def is_enabled():
diff --git a/plinth/modules/ikiwiki/__init__.py b/plinth/modules/ikiwiki/__init__.py
index dc055fbfa..e7c014cf0 100644
--- a/plinth/modules/ikiwiki/__init__.py
+++ b/plinth/modules/ikiwiki/__init__.py
@@ -100,7 +100,8 @@ def add_shortcuts():
     sites = [name for name in sites if name != '']
     for site in sites:
         frontpage.add_shortcut('ikiwiki_' + site, site, url='/ikiwiki/' + site,
-                               login_required=False, icon='ikiwiki')
+                               login_required=False, icon='ikiwiki',
+                               allowed_groups=[group[0]])
 
 
 def is_enabled():
diff --git a/plinth/modules/searx/__init__.py b/plinth/modules/searx/__init__.py
index 6c2e000f4..39ef86d4a 100644
--- a/plinth/modules/searx/__init__.py
+++ b/plinth/modules/searx/__init__.py
@@ -93,7 +93,7 @@ def setup(helper, old_version=None):
 def add_shortcut():
     """Helper method to add a shortcut to the frontpage."""
     frontpage.add_shortcut('searx', name, short_description=short_description,
-                           url='/searx/', login_required=True)
+                           url='/searx/', login_required=True, allowed_groups=[group[0]])
 
 
 def get_safe_search_setting():
diff --git a/plinth/modules/syncthing/__init__.py b/plinth/modules/syncthing/__init__.py
index bc303c568..d999425c7 100644
--- a/plinth/modules/syncthing/__init__.py
+++ b/plinth/modules/syncthing/__init__.py
@@ -104,7 +104,8 @@ def add_shortcut():
     """Helper method to add a shortcut to the frontpage."""
     frontpage.add_shortcut('syncthing', name,
                            short_description=short_description,
-                           url='/syncthing/', login_required=True)
+                           url='/syncthing/', login_required=True,
+                           allowed_groups=[group[0]])
 
 
 def is_running():
diff --git a/plinth/modules/transmission/__init__.py b/plinth/modules/transmission/__init__.py
index 581e61883..dcde47a44 100644
--- a/plinth/modules/transmission/__init__.py
+++ b/plinth/modules/transmission/__init__.py
@@ -102,7 +102,8 @@ def setup(helper, old_version=None):
 def add_shortcut():
     frontpage.add_shortcut('transmission', name,
                            short_description=short_description,
-                           url='/transmission', login_required=True)
+                           url='/transmission', login_required=True,
+                           allowed_groups=[group[0]])
 
 
 def is_enabled():
diff --git a/plinth/modules/ttrss/__init__.py b/plinth/modules/ttrss/__init__.py
index 09d1436df..89a89cbd8 100644
--- a/plinth/modules/ttrss/__init__.py
+++ b/plinth/modules/ttrss/__init__.py
@@ -101,7 +101,8 @@ def setup(helper, old_version=None):
 def add_shortcut():
     """Add a shortcut to the front page."""
     frontpage.add_shortcut('ttrss', name, short_description=short_description,
-                           url='/tt-rss', login_required=True)
+                           url='/tt-rss', login_required=True,
+                           allowed_groups=[group[0]])
 
 
 def is_enabled():
diff --git a/plinth/views.py b/plinth/views.py
index 25cafbb14..e3856fe85 100644
--- a/plinth/views.py
+++ b/plinth/views.py
@@ -43,7 +43,8 @@ REDIRECT_FIELD_NAME = 'next'
 @public
 def index(request):
     """Serve the main index page."""
-    shortcuts = frontpage.get_shortcuts()
+    username = str(request.user) if request.user.is_authenticated else None
+    shortcuts = frontpage.get_shortcuts(username)
     selection = request.GET.get('selected')
 
     details, details_label, configure_url = None, None, None