diff --git a/portfolio/account/__pycache__/views.cpython-36.pyc b/portfolio/account/__pycache__/views.cpython-36.pyc
index dc8d82b..1eecab4 100644
Binary files a/portfolio/account/__pycache__/views.cpython-36.pyc and b/portfolio/account/__pycache__/views.cpython-36.pyc differ
diff --git a/portfolio/account/views.py b/portfolio/account/views.py
index 2bdabb8..f64af91 100644
--- a/portfolio/account/views.py
+++ b/portfolio/account/views.py
@@ -1,5 +1,7 @@
 from rest_framework import viewsets, mixins
 from rest_framework.response import Response
+from rest_framework import permissions
+from rest_framework.decorators import permission_classes
 from rest_framework.authtoken.views import ObtainAuthToken
 from drf_yasg.utils import swagger_auto_schema
@@ -10,10 +12,26 @@ from .models import Account, Guest
 from .serializers import *
-class AccountViewSet(viewsets.ModelViewSet):
+class AnonAndUserPermissions(permissions.BasePermission):
+ """
+ Anonymous user always can create && User can modify self records only
+
+ this is override of permissions in settings
+ """
+ def has_object_permission(self, request, view, obj):
+ if request.method == 'POST':
+ return True
+ return str(obj.username) == str(request.user)
+
+class AccountViewSet(viewsets.ModelViewSet):
+ """
+ A User CRUD `retrieve()`, `list()` and abstract `create()` (`create()` is register)
+ and `update()` from class `ModelViewSet` in viewsets
+ """
 queryset = Account.objects.all()
 serializer_class = AccountSerializer
+ permission_classes = (AnonAndUserPermissions, )
 @swagger_auto_schema(responses={ 200: AccountGetSerializer })
 def retrieve(self, request, pk=None):
@@ -29,7 +47,9 @@ class AccountViewSet(viewsets.ModelViewSet):
 class AccountAuth(ObtainAuthToken):
-
+ """
+ A User Authorization `login()`, `logout()`
+ """
 queryset = Account.objects.all()
 serializer_class = AccountAuthSerializer
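Review bot: `AnonAndUserPermissions` defines only `has_object_permission`, which DRF calls from `get_object()`, so the `request.method == 'POST'` branch never gates `create()` and `list()` is not gated at all: `BasePermission.has_permission` returns True by default, and the docstring says this class replaces the settings default. If unauthenticated listing of accounts is not intended, the class also needs a `has_permission`. The ownership test compares against `str(request.user)`, which depends on the user model's `__str__` and is `'AnonymousUser'` for an anonymous request; comparing with `request.user.get_username()` after an `is_authenticated` check is safer, assuming `Account` is the project's user model. The overridden `retrieve()` continues outside the hunk, so whether it calls `get_object()` and therefore triggers the object check cannot be confirmed here.

```python
class AnonAndUserPermissions(permissions.BasePermission):
    # … unchanged: class docstring …
    def has_permission(self, request, view):
        # Registration stays open; every other action needs a logged-in user.
        if getattr(view, 'action', None) == 'create':
            return True
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        # Compare usernames directly instead of relying on __str__.
        if not request.user.is_authenticated:
            return False
        return obj.username == request.user.get_username()
```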
@@ -52,3 +72,4 @@ class AccountAuth(ObtainAuthToken):
 class GuestViewSet(viewsets.ModelViewSet):
 queryset = Guest.objects.all()
 serializer_class = GuestSerializer
+ permission_classes = (AnonAndUserPermissions, )
diff --git a/portfolio/album/__pycache__/serializers.cpython-36.pyc b/portfolio/album/__pycache__/serializers.cpython-36.pyc
index 0069eaa..d8efc5d 100644
Binary files a/portfolio/album/__pycache__/serializers.cpython-36.pyc and b/portfolio/album/__pycache__/serializers.cpython-36.pyc differ
diff --git a/portfolio/album/serializers.py b/portfolio/album/serializers.py
index 3e2c222..34480c6 100644
--- a/portfolio/album/serializers.py
+++ b/portfolio/album/serializers.py
@@ -20,7 +20,7 @@ class TrackRowSerializer(serializers.ModelSerializer):
 return TrackRow.create(TrackRow, validated_data)
 def update(self, instance, validated_data):
- return instance.update(instance, validated_data)
+ return instance.update(validated_data)
 class Meta:
 model = TrackRow
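Review bot: The permission class attached to `GuestViewSet` reads `obj.username`, and the `Guest` model is not visible in this diff; if `Guest` has no `username` attribute, every non-POST detail request will raise `AttributeError` instead of returning 403. Either confirm the field exists or give guests their own permission class that names the owning field explicitly. The class defines no `has_permission`, so `list()` on guests is not restricted by it.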
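Review bot: DRF's `save()` asserts that the serializer's `update()` returns a model instance, and whether `TrackRow.update()` returns the row is not visible in this hunk; if the model method returns nothing, every update will fail that assertion. A docstring on `update` would make the contract explicit, e.g. `"""Apply validated_data via TrackRow.update() and return the updated instance."""`. The context line `TrackRow.create(TrackRow, validated_data)` still passes the class explicitly, the same pattern this change removes for `update`, so it is worth checking whether `create` is a classmethod.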