diff --git a/packages/component-faraday-selectors/src/index.js b/packages/component-faraday-selectors/src/index.js
index 3c48b4f1aaf15ce372a53952f776dd1049bb49bb..40e8640c8c2cc1b685b37ba1a927b34fbf020c6e 100644
--- a/packages/component-faraday-selectors/src/index.js
+++ b/packages/component-faraday-selectors/src/index.js
@@ -303,7 +303,7 @@ export const canHEOnlyReject = (collection = {}) => {
   return canHEOnlyRejectStatuses.includes(status)
 }
 
-const canEditManuscriptStatuses = ['draft', 'technicalChecks', 'inQA']
+const cannotEditManuscriptStatuses = ['withdrawn', 'rejected', 'accepted']
 export const canEditManuscript = (state, collection = {}, fragment = {}) => {
   const isAdmin = currentUserIs(state, 'isAdmin')
   if (
@@ -313,7 +313,7 @@ export const canEditManuscript = (state, collection = {}, fragment = {}) => {
     return false
   const status = get(collection, 'status', 'draft')
 
-  return canEditManuscriptStatuses.includes(status)
+  return !cannotEditManuscriptStatuses.includes(status)
 }
 
 const canOverrideTechnicalChecksStatuses = ['technicalChecks', 'inQA']
diff --git a/packages/xpub-faraday/config/authsome-helpers.js b/packages/xpub-faraday/config/authsome-helpers.js
index 39f753c539a754d22829a00a0397277236eb40b1..a828242791e6f55a399a11cc87ab0f20877390b1 100644
--- a/packages/xpub-faraday/config/authsome-helpers.js
+++ b/packages/xpub-faraday/config/authsome-helpers.js
@@ -37,6 +37,9 @@ const isOwner = ({ user: { id }, object }) => {
   return !!object.owners.find(own => own.id === id)
 }
 
+const isLastFragment = (collection, fragment) =>
+  get(fragment, 'id', '') === last(get(collection, 'fragments', []))
+
 const hasPermissionForObject = async ({ user, object, Team, roles = [] }) => {
   const userPermissions = await getUserPermissions({
     user,
@@ -333,6 +336,7 @@ module.exports = {
   parseUser,
   getUsersList,
   getCollections,
+  isLastFragment,
   isHandlingEditor,
   getUserPermissions,
   setCollectionStatus,
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index fd332e96828296c39d3bc5bd1e79ffed1dc0c9fb..c54dac097298841495a2289a5f4bebb986dd01ff 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -65,7 +65,11 @@ function unauthenticatedUser(operation, object, userId) {
   return false
 }
 
-const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
+const isCollectionInStatuses = (c, statuses) =>
+  statuses.includes(get(c, 'status', 'draft'))
+
+const filterCollectionInStatuses = (statuses = []) => c =>
+  !statuses.includes(get(c, 'status', 'draft'))
 
 const filterNoFragmentCollections = c => c.fragments.length !== 0
 
@@ -78,6 +82,11 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
     }
 
     if (get(object, 'type') === 'collection') {
+      if (isCollectionInStatuses(object, ['draft', 'technicalChecks'])) {
+        if (!helpers.isOwner({ user, object })) {
+          return false
+        }
+      }
       return {
         filter: async collection => {
           const userPermissions = await helpers.getUserPermissions({
@@ -325,12 +334,36 @@ async function applyAdminPolicy(user, operation, object, context) {
       )
     }
   }
+  if (operation === 'PATCH') {
+    if (get(object, 'current.type') === 'collection') {
+      return !isCollectionInStatuses(get(object, 'current'), [
+        'rejected',
+        'accepted',
+        'withdrawn',
+      ])
+    }
+    if (get(object, 'current.type') === 'fragment') {
+      const collection = await context.models.Collection.find(
+        get(object, 'current.collectionId'),
+      )
+      return (
+        helpers.isLastFragment(collection, get(object, 'current')) &&
+        !isCollectionInStatuses(collection, [
+          'rejected',
+          'accepted',
+          'withdrawn',
+        ])
+      )
+    }
+  }
   return true
 }
 
 async function applyEditorInChiefPolicy(user, operation, object, context) {
   if (operation === 'GET') {
     if (get(object, 'type') === 'collection') {
+      if (isCollectionInStatuses(object, ['draft', 'technicalChecks']))
+        return false
       return {
         filter: collection => ({
           ...collection,
@@ -342,6 +375,14 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
       }
     }
 
+    if (get(object, 'type') === 'fragment') {
+      const collection = await context.models.Collection.find(
+        get(object, 'collectionId'),
+      )
+      if (isCollectionInStatuses(collection, ['draft', 'technicalChecks']))
+        return false
+    }
+
     if (get(object, 'path') === '/api/users') {
       return helpers.getUsersList({ UserModel: context.models.User, user })
     }
@@ -354,7 +395,7 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
       const collections = await context.models.Collection.all()
       return Promise.all(
         collections
-          .filter(filterDraftCollections)
+          .filter(filterCollectionInStatuses(['draft', 'technicalChecks']))
           .filter(filterNoFragmentCollections)
           .map(async coll => {
             const latestFragmentId = coll.fragments[coll.fragments.length - 1]
@@ -368,6 +409,14 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
       )
     }
   }
+  if (operation === 'PATCH') {
+    if (get(object, 'current.type') === 'collection') {
+      return false
+    }
+    if (get(object, 'current.type') === 'fragment') {
+      return false
+    }
+  }
   return true
 }