diff --git a/app/policies/execution_environment_policy.rb b/app/policies/execution_environment_policy.rb
index 51eabdf3..3ee5a1c0 100644
--- a/app/policies/execution_environment_policy.rb
+++ b/app/policies/execution_environment_policy.rb
@@ -7,4 +7,8 @@ class ExecutionEnvironmentPolicy < AdminOnlyPolicy
 [:execute_command?, :shell?, :statistics?].each do |action|
 define_method(action) { admin? || author? }
 end
+
+ [:create?, :index?, :new?].each do |action|
+ define_method(action) { admin? || teacher? }
+ end
 end
diff --git a/spec/policies/execution_environment_policy_spec.rb b/spec/policies/execution_environment_policy_spec.rb
index 799881b5..8bede9e1 100644
--- a/spec/policies/execution_environment_policy_spec.rb
+++ b/spec/policies/execution_environment_policy_spec.rb
@@ -21,7 +21,8 @@ describe ExecutionEnvironmentPolicy do
 end
 end

- [:destroy?, :edit?, :execute_command?, :shell?, :show?, :update?].each do |action|
+
+ [:execute_command?, :shell?, :statistics?].each do |action|
 permissions(action) do
 it 'grants access to admins' do
 expect(subject).to permit(FactoryGirl.build(:admin), execution_environment)
@@ -38,4 +39,22 @@ describe ExecutionEnvironmentPolicy do
 end
 end
 end
+
+ [:destroy?, :edit?, :show?, :update?].each do |action|
+ permissions(action) do
+ it 'grants access to admins' do
+ expect(subject).to permit(FactoryGirl.build(:admin), execution_environment)
+ end
+
+ it 'does not grant access to authors' do
+ expect(subject).not_to permit(execution_environment.author, execution_environment)
+ end
+
+ it 'does not grant access to all other users' do
+ [:external_user, :teacher].each do |factory_name|
+ expect(subject).not_to permit(FactoryGirl.build(factory_name), execution_environment)
+ end
+ end
+ end
+ end
 end
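Review bot: In app/policies/execution_environment_policy.rb the new `[:create?, :index?, :new?]` block lets teachers create execution environments, while the existing rule just above it grants `execute_command?` and `shell?` to `author?`; assuming the creating user is recorded as the author, a teacher thereby gains command execution and shell access on every environment they create. At the same time `show?`, `edit?`, `update?` and `destroy?` are not overridden here, and the spec in this commit expects them to stay admin-only, so a teacher can create an environment but cannot view or correct it afterwards. If that split is intended, a comment above the block would record it, e.g. `# Teachers may create and list environments; viewing and changing them stays admin-only.` `teacher?` is not defined in the visible lines and is presumably inherited from the base policy.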
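Review bot: The first spec hunk (`@@ -21,7 +21,8 @@`) adds an empty line directly after an existing empty line, leaving two consecutive blank lines before `[:execute_command?, :shell?, :statistics?].each do |action|`. Dropping the added blank `+` line keeps a single separator between blocks. The block body continues past the end of the hunk, so the author and other-user examples that now also apply to `:statistics?` are not visible here.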
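Review bot: No example in the visible spec hunks covers the rule this commit introduces, namely that `create?`, `index?` and `new?` are permitted for teachers; the new block at the end of spec/policies/execution_environment_policy_spec.rb only pins `destroy?`, `edit?`, `show?` and `update?` as admin-only. The spec lines above line 21 are not part of the diff, so whatever they assert for those three actions was written against the previous policy and may need updating. A block like the one below would pin both sides of the new boundary, with admins and teachers allowed and external users denied.

```ruby
[:create?, :index?, :new?].each do |action|
  permissions(action) do
    it 'grants access to admins and teachers' do
      [:admin, :teacher].each do |factory_name|
        expect(subject).to permit(FactoryGirl.build(factory_name), execution_environment)
      end
    end

    it 'does not grant access to external users' do
      expect(subject).not_to permit(FactoryGirl.build(:external_user), execution_environment)
    end
  end
end
```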