diff --git a/app/src/Controller/AppController.php b/app/src/Controller/AppController.php index 0d56c3359..3d267ccf2 100644 --- a/app/src/Controller/AppController.php +++ b/app/src/Controller/AppController.php @@ -147,7 +147,7 @@ public function beforeRender(\Cake\Event\EventInterface $event) { if(isset($this->RegistryAuth)) { // Components might not be loaded on error, so check - $this->set('vv_menu_permissions', $this->RegistryAuth->getMenuPermissions()); + $this->set('vv_menu_permissions', $this->RegistryAuth->getMenuPermissions($this->getCOID())); } // For breadcrumbs, do we have a target model, and if so is it a configuration diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php index c3b253c67..0221846ae 100644 --- a/app/src/Controller/Component/RegistryAuthComponent.php +++ b/app/src/Controller/Component/RegistryAuthComponent.php @@ -287,23 +287,26 @@ public function getAuthenticatedUser(): ?string { * templates/element/menuMain.php. * * @since COmanage Registry v5.0.0 - * @return array Array of permissions + * @param int $coId Current CO ID, if known + * @return array Array of permissions */ - public function getMenuPermissions() { + public function getMenuPermissions(?int $coId): array { $permissions = []; -// XXX need to set permissions according to current user's roles - $permissions['platform'] = true; + $permissions['platform'] = $this->isPlatformAdmin(); // Can access the Configuration Dashboard for the current CO - $permissions['configuration'] = true; + $permissions['configuration'] = $this->isPlatformAdmin() + || $this->isCoAdmin($coId); // Can manage Groups in the current CO - $permissions['groups'] = true; + $permissions['groups'] = $this->isPlatformAdmin() + || $this->isCoAdmin($coId); // Can manage People in the current CO - $permissions['people'] = true; + $permissions['people'] = $this->isPlatformAdmin() + || $this->isCoAdmin($coId); return $permissions; } 
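Review bot: In getMenuPermissions the expression `$this->isPlatformAdmin() || $this->isCoAdmin($coId)` is written out three times for the configuration, groups and people entries; compute it once, e.g. `$canManageCo = $this->isPlatformAdmin() || $this->isCoAdmin($coId);` and then `$permissions['configuration'] = $canManageCo;` (likewise for groups and people), so the three CO-scoped flags cannot drift apart when one is later changed. The new docblock line says `@param int $coId` although the signature takes `?int`; make it `@param ?int $coId Current CO ID, or null if not known` and state in the docblock that when it is null the CO-scoped entries reduce to isCoAdmin(null), whose handling is outside this hunk. Since the header comment says these flags feed templates/element/menuMain.php, it is also worth a one-line note in the docblock that they control menu rendering only and that each controller action is presumed to enforce its own authorization — I cannot confirm that enforcement from this diff.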
@@ -336,22 +339,22 @@ public function isCoAdmin(?int $coId): bool { } if(!isset($this->cache['isCoAdmin'])) { - $this->cache['isCoAdmin'] = false; + $this->cache['isCoAdmin'][$coId] = false; if($this->authenticatedApiUser) { $ApiUsers = TableRegistry::getTableLocator()->get('ApiUsers'); $priv = $ApiUsers->getUserPrivilege($this->authenticatedUser); - $this->cache['isCoAdmin'] = ($priv === true || $priv === $coId); + $this->cache['isCoAdmin'][$coId] = ($priv === true || $priv === $coId); } else { if(!empty($this->authenticatedUser)) { - $this->cache['isCoAdmin'] = $this->isIdentifierAdmin(identifier: $this->authenticatedUser, coId: $coId); + $this->cache['isCoAdmin'][$coId] = $this->isIdentifierAdmin(identifier: $this->authenticatedUser, coId: $coId); } } } - return $this->cache['isCoAdmin']; + return $this->cache['isCoAdmin'][$coId]; } /**
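Review bot: The guard `if(!isset($this->cache['isCoAdmin']))` still tests the whole cache entry while the new code stores one result per CO under `$this->cache['isCoAdmin'][$coId]`, so after the first call for any CO a call with a different `$coId` skips the lookup and returns an undefined key; with the `: bool` return type that is a TypeError (after an "Undefined array key" warning) rather than `false`. Change the guard to `if(!isset($this->cache['isCoAdmin'][$coId])) {`. Because this is an authorization decision, it is also worth confirming that a null `$coId` (the parameter is `?int`) is rejected before this point or that the `""` array key it would produce is intended; the check that precedes this hunk is outside the hunk, so I cannot see it.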