diff --git a/CHANGELOG.md b/CHANGELOG.md
index 242676c..644d69d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 ## Unreleased
+- Fixed a bug where the products index page gave impression that it was possible to sort by Link. ([#59](https://github.com/craftcms/stripe/issues/59))
+- Fixed a bug where, in certain cases, it was possible to access a Subscription element in a slideout without having permission to access the Stripe plugin. ([#61](https://github.com/craftcms/stripe/pull/61))
+- Fixed a bug where the “Sync from Stripe” user menu item was shown even if user didn't have permission to access the Stripe plugin. ([#61](https://github.com/craftcms/stripe/pull/61))
 - Fixed a bug where the Webhook Signing Secret and ID were showing as parsed on the Webhooks page. ([#62](https://github.com/craftcms/stripe/issues/62))
 ## 1.3.0 - 2024-11-19
diff --git a/src/Plugin.php b/src/Plugin.php
index 6ba93ec..0a9eba2 100644
--- a/src/Plugin.php
+++ b/src/Plugin.php
@@ -577,7 +577,7 @@ private function registerUserActions(): void
 Element::EVENT_DEFINE_ACTION_MENU_ITEMS,
 function(DefineMenuItemsEvent $event) {
 $sender = $event->sender;
- if ($email = $sender->email) {
+ if ($email = $sender->email && Craft::$app->getUser()->checkPermission('accessPlugin-stripe')) {
 $customers = Plugin::getInstance()->getApi()->fetchAllCustomers(['email' => $email]);
 if ($customers) {
 $stripeIds = collect($customers)->pluck('id');
diff --git a/src/controllers/CustomersController.php b/src/controllers/CustomersController.php
index f7094e2..d0d1cf2 100644
--- a/src/controllers/CustomersController.php
+++ b/src/controllers/CustomersController.php
@@ -7,6 +7,7 @@
 namespace craft\stripe\controllers;
+use Craft;
 use craft\controllers\EditUserTrait;
 use craft\elements\User;
 use craft\helpers\Cp;
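Review bot: In the src/Plugin.php hunk, the new condition assigns the result of the whole `&&` expression to `$email`, because `&&` binds tighter than `=` in PHP. When the branch is taken, `$email` is therefore `true` rather than the address, and `fetchAllCustomers(['email' => $email])` on the next line is no longer keyed on the user's email. Parenthesise the assignment: `if (($email = $sender->email) && Craft::$app->getUser()->checkPermission('accessPlugin-stripe')) {`. The closure body continues past the end of the hunk, so later uses of `$email` should be checked as well.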
@@ -56,6 +57,7 @@ public function actionIndex(?int $userId = null): Response
 'context' => 'embedded-index',
 'jsSettings' => [
 'criteria' => ['userId' => $user->id],
+ 'static' => !Craft::$app->getUser()->checkPermission('editUsers'),
 ],
 ]);
diff --git a/src/elements/Product.php b/src/elements/Product.php
index acc7aea..365fc94 100644
--- a/src/elements/Product.php
+++ b/src/elements/Product.php
@@ -293,6 +293,7 @@ protected static function defineSortOptions(): array
 $sortOptions = parent::defineSortOptions();
 unset($sortOptions['stripeEdit']);
+ unset($sortOptions['link']);
 $sortOptions['title'] = self::displayName();
diff --git a/src/elements/Subscription.php b/src/elements/Subscription.php
index 715c095..924819e 100644
--- a/src/elements/Subscription.php
+++ b/src/elements/Subscription.php
@@ -410,7 +410,7 @@ protected static function defineDefaultCardAttributes(): array
 */
 public function canView(User $user): bool
 {
- return true;
+ return parent::canView($user) || $user->can('accessPlugin-stripe');
 }
 /**
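Review bot: In the src/controllers/CustomersController.php hunk, the added `'static'` entry sits under `jsSettings`, so it appears to control only how the embedded index renders in the browser and should not be treated as the access check for the listed elements. It also keys on `editUsers`, while the other two permission checks in this commit key on `accessPlugin-stripe`, and nothing on the line says why. A comment would record the intent, for example `// read-only index unless the viewer may edit users; view access is enforced server-side in canView()`. `actionIndex` starts and ends outside the hunk.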
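Review bot: In the src/elements/Subscription.php hunk, `canView()` now lets any user holding `accessPlugin-stripe` view every subscription, with no narrower rule stated; the docblock above it has only its closing line in the hunk. If that breadth is intended, document it at the return, for example `// Any user with access to the Stripe plugin may view all subscriptions.`. The `||` also passes through whatever `parent::canView($user)` allows without the plugin permission, and the parent is not visible here, so confirm it is not permissive by default. The element's other `can*()` methods are outside the hunk and are worth checking for a leftover `return true;`.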