only root and deployment admins can see controllers
diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index 734d284..00e7395 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -660,6 +660,9 @@
     def delete_model(self, request, obj):
         obj.delete_by_user(request.user)
 
+    def queryset(self, request):
+        return Controller.select_by_user(request.user)    
+
     @property
     def suit_form_tabs(self):
         tabs = [('general', 'Controller Details'),
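Review bot: The added `queryset` method is the only thing that stops a non-admin user from listing every controller in the admin, and whether Django calls it depends on the framework version. The ModelAdmin hook was renamed `get_queryset` in Django 1.6, and the old name stopped being honoured in 1.8. On such a version the override would be skipped silently and all controllers would be shown again, so confirm the hook name against the Django release this project pins. A comment such as `# Access control: restrict the admin to controllers returned by Controller.select_by_user` would make the intent explicit, and the `return` line carries trailing whitespace. The enclosing admin class starts outside the hunk.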
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 449a72b..eb182c8 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -253,10 +253,20 @@
     admin_tenant = models.CharField(max_length=200, null=True, blank=True, help_text="Name of the tenant the admin user belongs to")
     domain = models.CharField(max_length=200, null=True, blank=True, help_text="Name of the domain this controller belongs to")
     deployment = models.ForeignKey(Deployment,related_name='controllerdeployments')
-    
+   
 
     def __unicode__(self):  return u'%s %s %s' % (self.name, self.backend_type, self.version)
 
+    @staticmethod
+    def select_by_user(user):
+
+        if user.is_admin:
+            qs = Controller.objects.all()
+        else:
+            deployments = [dp.deployment for dp in DeploymentPrivilege.objects.filter(user=user, role__role__in=['Admin', 'admin'])]
+            qs = Controller.objects.filter(deployment__in=deployments)
+    return qs
+
 class SiteDeployment(PlCoreBase):
     objects = ControllerLinkManager()
     deleted_objects = ControllerLinkDeletionManager()
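Review bot: `return qs` in the added `select_by_user` is indented at class-body level (four spaces) while the rest of the method body sits at eight, so as shown the module would fail to import with "'return' outside function"; the line should read `        return qs`. Since this method decides which controllers a user may see, a short docstring would help: users with `is_admin` get every controller, and everyone else gets only controllers in deployments where they hold an 'Admin'/'admin' DeploymentPrivilege. The list comprehension also fetches one Deployment per privilege row; passing `DeploymentPrivilege.objects.filter(...).values_list('deployment', flat=True)` to `deployment__in` would avoid those extra queries.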