diff --git a/Admin/urls.py b/Admin/urls.py
index 178f7c8..caa6e58 100644
--- a/Admin/urls.py
+++ b/Admin/urls.py
@@ -3,11 +3,42 @@ from django.contrib import admin
 from django.urls import path,include
 from django.conf import settings
 from django.conf.urls.static import static
+from django.shortcuts import render
+from django.core.exceptions import PermissionDenied
+from django.http import HttpResponse
+from django.test import SimpleTestCase, override_settings
+
+def response_error_handler(request, exception=None):
+ context={}
+ return render(request, '403.html',context,status=403)
+
+
+def permission_denied_view(request):
+ raise PermissionDenied
+
+
+
 urlpatterns = [
 path('admin/', admin.site.urls),
 path('accounts/', include('allauth.urls')),
 path('', include('Clientes.urls')),
+ path('403/', permission_denied_view),
 ]
+handler403 = response_error_handler
+
+
+
 if settings.DEBUG: #DEV only
 urlpatterns += static(settings.STATIC_URL, document_root= settings.STATIC_ROOT)
- urlpatterns += static(settings.MEDIA_URL, document_root= settings.MEDIA_ROOT)
\ No newline at end of file
+ urlpatterns += static(settings.MEDIA_URL, document_root= settings.MEDIA_ROOT)
+
+
+
+# ROOT_URLCONF must specify the module that contains handler403 = ...
+@override_settings(ROOT_URLCONF=__name__)
+class CustomErrorHandlerTests(SimpleTestCase):
+
+ def test_handler_renders_template_response(self):
+ response = self.client.get('/403/')
+ # Make assertions on the response here. For example:
+ self.assertContains(response, 'Error handler content', status_code=403)
\ No newline at end of file
diff --git a/Clientes/custom_decorators.py b/Clientes/custom_decorators.py
new file mode 100644
index 0000000..c635a1a
--- /dev/null
+++ b/Clientes/custom_decorators.py
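Review bot: In Admin/urls.py, `path('403/', permission_denied_view)` and the `CustomErrorHandlerTests` class are test scaffolding living in the root URLconf: the route is registered unconditionally, outside the `if settings.DEBUG:` block, and `django.test` is imported every time the project's URLs load. The test belongs in a tests module with its own small URLconf passed to `@override_settings(ROOT_URLCONF=...)`, leaving only `handler403 = response_error_handler` in this file. As written, the assertion also looks for `'Error handler content'`, which the `403.html` added in this commit does not appear to contain (its visible text is "Forbidden"), so the test would likely fail. `HttpResponse` is imported but not used anywhere in the hunk.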
@@ -0,0 +1,22 @@ +from functools import wraps +from django.contrib import messages +from django.shortcuts import redirect +from django.http import HttpResponse + + +def Custom_is_staff_function(user): + if user.is_staff: + return True + return False + + +def is_staff_access(view_to_return="index"): + def decorator(view): + @wraps(view) + def _wrapped_view(request, *args, **kwargs): + if not Custom_is_staff_function(request.user): + messages.error(request, "No es personal del staff autorizado.") + return redirect(view_to_return) + return view(request, *args, **kwargs) + return _wrapped_view + return decorator \ No newline at end of file diff --git a/Clientes/urls.py b/Clientes/urls.py index 554db38..633e666 100644 --- a/Clientes/urls.py +++ b/Clientes/urls.py @@ -16,7 +16,6 @@ from .views import ( urlpatterns = [ path('', index, name='index'), path('add_timbre2/', add_timbre2.as_view(), name='add_timbre2'), - path('timbres_cliente//', timbres_cliente, name='timbres_cliente'), path('cliente/update//',ClientesUpdateView.as_view(),name='update_cliente'), path('cliente/add/', ClientesCreateView.as_view(), name='add_cliente'), diff --git a/Clientes/views.py b/Clientes/views.py index 8c7a904..635058b 100644 --- a/Clientes/views.py +++ b/Clientes/views.py @@ -3,6 +3,8 @@ from django.contrib import messages from django.http import HttpResponse from django.http import JsonResponse from django.contrib.auth.decorators import login_required +from .custom_decorators import is_staff_access + from .models import Clientes,Timbres,saldoModel,ErroresTimbres from rest_framework.views import APIView @@ -134,8 +136,7 @@ def send_timbres_Email(request): return redirect('index') @login_required -def index(request): - +def index(request): clientes_list = Clientes.objects.all() mes = request.GET.get('mes', None) page = request.GET.get('page', 1) 
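Review bot: In Clientes/custom_decorators.py, `is_staff_access` answers a denied request with `redirect(view_to_return)` and a flash message, so a non-staff attempt is recorded as an ordinary 302 and never reaches the `handler403` this same commit installs in Admin/urls.py. Raising `PermissionDenied` inside `_wrapped_view` instead of redirecting would return a real 403 through that handler and make denied attempts easy to spot in access logs. The check could also require `user.is_active`, as Django's own `staff_member_required` does. `Custom_is_staff_function` reduces to `return bool(user.is_staff)` and would read better in snake_case, and the `HttpResponse` import is unused.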
@@ -174,8 +175,6 @@ def index(request): return render(request,'Clientes/index.html',context) - - def pageFunc(page,qs,per_page): paginator = Paginator(qs,per_page) try: @@ -188,9 +187,12 @@ def pageFunc(page,qs,per_page): @login_required +@is_staff_access() def timbres_cliente(request, RFC): - lista = Timbres.objects.filter(rfcc=RFC) - + if request.user.is_staff: + lista = Timbres.objects.filter(rfcc=RFC) + else: + lista = Timbres.objects.filter(rfcc=RFC,modo='Normal') search = request.GET.get('search',None) page = request.GET.get('page', 1) datepicker = request.GET.get('datepicker', None) @@ -236,10 +238,13 @@ class ClientesUpdateView(UserPassesTestMixin,LoginRequiredMixin,UpdateView): success_url='/' template_name='Clientes/edit_cliente.html' - def test_func(self): - #self.request.user.groups.all() - return self.request.user.groups.filter(name= 'admin_soft') - + def test_func(self): + + res = self.request.user.groups.filter(name= 'admin_soft') + if not res: + messages.error(self.request, f'Lo sentimos. La página que buscas no está disponible, no cuentas con los permisos.') + return res + class ClientesCreateView(UserPassesTestMixin,LoginRequiredMixin,CreateView): model = Clientes diff --git a/Templates/403.html b/Templates/403.html new file mode 100644 index 0000000..c62f4ed --- /dev/null +++ b/Templates/403.html @@ -0,0 +1,35 @@ + + + + + + + + + + + Hello, world! + + +
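Review bot: In Clientes/views.py, the `else` branch added to `timbres_cliente` cannot run: `@is_staff_access()` redirects every user whose `is_staff` is false before the body executes, so the `modo='Normal'` filter is dead code. The decorator and the branch express two different policies, and one of them should be chosen. If only staff may open this view, keep the decorator and the single query `lista = Timbres.objects.filter(rfcc=RFC)`; if non-staff users are meant to see their own stamps, the decorator has to go and the view needs a check that `RFC` belongs to the requesting user, because filtering on `modo` alone would let any logged-in user read another client's records by changing the URL. The rest of the function lies outside the hunk.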
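Review bot: In `ClientesUpdateView.test_func` (Clientes/views.py), the method returns the `QuerySet` itself and `if not res` evaluates it by loading the matching rows; `.exists()` gives a plain boolean with a cheaper query, e.g. `res = self.request.user.groups.filter(name='admin_soft').exists()`. Because `UserPassesTestMixin` is listed before `LoginRequiredMixin` on the class line, the test presumably also runs for anonymous visitors, who would have the "no cuentas con los permisos" message queued before being sent to the login page; guarding the `messages.error` call with `self.request.user.is_authenticated` avoids that. The `f` prefix on the message string has no placeholders and can be dropped. `ClientesCreateView` appears only as trailing context, so its own `test_func` is not visible here.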
+ {% include 'partials/messages.html' %} + Forbidden + + + + + Regresar al Inicio + + + + +
+ + + + + + + + + diff --git a/Templates/Clientes/index.html b/Templates/Clientes/index.html index 5ad8f08..d2cd823 100644 --- a/Templates/Clientes/index.html +++ b/Templates/Clientes/index.html @@ -12,7 +12,6 @@ Timbres disponibles Comercio Digital: {{saldo}} - - @@ -133,8 +131,9 @@ Timbres disponibles Comercio Digital: {{saldo}} {% endif %} - + {% endfor %} +
Cliente RFC @@ -56,7 +55,6 @@ Timbres disponibles Comercio Digital: {{saldo}} Excel Todos los clientes X Mes
diff --git a/Templates/Clientes/timbres_cliente.html b/Templates/Clientes/timbres_cliente.html index 44bf5f6..4ec7e36 100644 --- a/Templates/Clientes/timbres_cliente.html +++ b/Templates/Clientes/timbres_cliente.html @@ -17,7 +17,6 @@

- @@ -34,8 +33,8 @@ Fecha - - + + {% for obj in lista %} @@ -48,6 +47,7 @@
{{obj.uuid}}
+ {% endblock content %}