diff --git a/app/helpers/epp/contacts_helper.rb b/app/helpers/epp/contacts_helper.rb
index 271b75101..7a215f341 100644
--- a/app/helpers/epp/contacts_helper.rb
+++ b/app/helpers/epp/contacts_helper.rb
@@ -46,21 +46,33 @@ module Epp::ContactsHelper
 end
 def info_contact
+ #TODO do we reject contact without authInfo or display less info?
 #TODO add data missing from contacts/info builder ( marked with 'if false' in said view )
 current_epp_user
 ph = params_hash['epp']['command']['info']['info']
 @contact = Contact.where(code: ph[:id]).first
- if @contact
+ case has_rights
+ when true
 render '/epp/contacts/info'
- else
- epp_errors << { code: '2303', msg: t('errors.messages.epp_obj_does_not_exist') }
+ when false
+ epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error') }
 render 'epp/error'
 end
+ rescue NoMethodError => e
+ epp_errors << { code: '2303', msg: t('errors.messages.epp_obj_does_not_exist') }
+ render 'epp/error'
 end
 private
+ def has_rights
+ if @contact.created_by.registrar == current_epp_user.registrar
+ return true
+ end
+ return false
+ end
+
 def new_address
 ph = params_hash['epp']['command']['create']['create']
diff --git a/app/models/contact.rb b/app/models/contact.rb
index b8d7b184c..6f448eb02 100644
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@@ -6,6 +6,9 @@ class Contact < ActiveRecord::Base
 has_many :domain_contacts
 has_many :domains, through: :domain_contacts
+ belongs_to :created_by, class_name: 'EppUser', foreign_key: :created_by_id
+ belongs_to :updated_by, class_name: 'EppUser', foreign_key: :updated_by_id
+
 validates_presence_of :code, :name, :phone, :email, :ident
 validate :ident_must_be_valid
@@ -39,6 +42,14 @@ class Contact < ActiveRecord::Base
 ident_type != IDENT_TYPE_ICO
 end
+ def crID
+ created_by ? created_by.username : nil
+ end
+
+ def upID
+ updated_by ? updated_by.username : nil
+ end
+
 class << self
 def check_availability(codes)
 codes = [codes] if codes.is_a?(String)
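Review bot: `has_rights` is entered with `@contact` nil when the `Contact.where(code: ph[:id]).first` lookup finds nothing and with `@contact.created_by` nil when `created_by_id` is unset, and the method-level `rescue NoMethodError => e` folds both — plus any other NoMethodError raised in the body, possibly including ones surfacing from `render` — into 2303 "object does not exist", so an existing contact with no recorded creator is reported as missing and genuine bugs are masked; `e` is also never used. The comparison in `has_rights` has its own hole: `nil == nil` is true, so a contact whose creator has no registrar is readable by any EPP user whose registrar is also nil, and the method should be a predicate (`has_rights?`) rather than a `case true/false` target. I would replace the case/rescue with an explicit nil guard and require a present owner registrar, as below; `info_contact` and `has_rights` lie wholly inside the hunk, `new_address` runs past it.
```ruby
def info_contact
  # … unchanged: TODO comments, current_epp_user, params lookup …
  @contact = Contact.where(code: ph[:id]).first
  if @contact.nil?
    epp_errors << { code: '2303', msg: t('errors.messages.epp_obj_does_not_exist') }
    render 'epp/error'
  elsif has_rights?
    render '/epp/contacts/info'
  else
    epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error') }
    render 'epp/error'
  end
end

private

# True only when the contact's creator belongs to the same registrar as the
# requesting EPP user; a contact with no creator, or a creator with no
# registrar, is never readable through this check.
def has_rights?
  owner_registrar = @contact.created_by && @contact.created_by.registrar
  !owner_registrar.nil? && owner_registrar == current_epp_user.registrar
end
```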
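Review bot: The `foreign_key: :created_by_id` / `foreign_key: :updated_by_id` options on the two new `belongs_to` lines restate the key Rails already derives from the association names `created_by` and `updated_by`, so they add noise without changing behaviour and can be dropped. The inverse side is where a key option is actually needed: the `has_many :contacts` added in `app/models/epp_user.rb` in this same commit infers `contacts.epp_user_id`, not `created_by_id`, so unless `contacts` has an `epp_user_id` column that association will not return the contacts these `belongs_to` lines point back to; `has_many :contacts, foreign_key: :created_by_id` (or a differently named association) would pair them. The `Contact` class starts before the hunk and continues after it.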
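Review bot: `crID` and `upID` carry the EPP element spelling into Ruby method names and neither says what it maps to, so a reader of the model cannot tell why two near-identical methods exist. I would add above them `# EPP <contact:crID> / <contact:upID> of the info response: username of the EppUser that created / last updated this contact, nil when none is recorded.` and, since the file is Rails, write each body as `created_by.try(:username)` / `updated_by.try(:username)` instead of the ternary. If the camelCase names are kept for the view's sake, a `cr_id`/`up_id` alias would let the rest of the code stay snake_case. Both methods sit wholly inside the hunk; `check_availability` runs past it.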
diff --git a/app/models/epp_user.rb b/app/models/epp_user.rb
index 7f7c0b2bb..067c488fe 100644
--- a/app/models/epp_user.rb
+++ b/app/models/epp_user.rb
@@ -1,4 +1,5 @@
 class EppUser < ActiveRecord::Base
 #TODO should have max request limit per day
 belongs_to :registrar
+ has_many :contacts
 end
diff --git a/app/views/epp/contacts/info.xml.builder b/app/views/epp/contacts/info.xml.builder
index b42b9bada..b82736153 100644
--- a/app/views/epp/contacts/info.xml.builder
+++ b/app/views/epp/contacts/info.xml.builder
@@ -17,9 +17,9 @@ xml.epp_head do
 xml.tag!('contact:fax', @contact.fax)
 xml.tag!('contact:email', @contact.email)
 xml.tag!('contact:clID', @current_epp_user.username) if @current_epp_user
- xml.tag!('contact:crID', '123') if false
+ xml.tag!('contact:crID', @contact.crID ) if @contact.crID
 xml.tag!('contact:crDate', @contact.created_at)
- xml.tag!('contact:upID', '123') if false
+ xml.tag!('contact:upID', @contact.upID) if @contact.upID
 xml.tag!('contact:upDate', @contact.updated_at) unless @contact.updated_at == @contact.created_at
 xml.tag!('contact:trDate', '123') if false
 xml.tag!('contact:authInfo', '123') if false
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 79cf90fdc..662722d42 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -62,3 +62,4 @@ en:
 epp_obj_does_not_exist: 'Object does not exist'
 epp_command_failed: 'Command failed'
 epp_nameservers_range_fail: 'Domain must have %{min}-%{max} nameservers'
+ epp_authorization_error: 'Authorization error'
diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb
index b7c159b1b..8672063c5 100644
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
@@ -77,7 +77,7 @@ describe 'EPP Contact', epp: true do
 end
 it 'returns info about contact' do
- Fabricate(:contact, :name => "Johnny Awesome")
+ Fabricate(:contact, name: "Johnny Awesome", created_by_id: '1')
 Fabricate(:address)
 response = epp_request('contacts/info.xml')
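Review bot: On the new `contact:crID` line `@contact.crID` is evaluated twice (guard and value) and there is a stray space before the closing `)`; the `contact:upID` line repeats the double call. Binding the value once, e.g. `cr_id = @contact.crID` followed by `xml.tag!('contact:crID', cr_id) if cr_id`, keeps a single association lookup per element and fixes the spacing. It is also worth a one-line comment that these two elements are now populated and are silently omitted when no creator/updater is recorded, since the neighbouring `trDate`/`authInfo` lines still carry the `'123') if false` placeholder and a reader may assume the same status. The `xml.epp_head do` block starts before the hunk and ends after it.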
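Review bot: `created_by_id: '1'` on the changed `Fabricate(:contact, …)` line ties the contact's creator to whichever `EppUser` has id 1 without creating that user in the example, so the expectation that info is returned presumably relies on the `epp_request` helper authenticating as that same user — a fixture-order coupling that is invisible here and will fail the moment ids shift. Fabricating the user explicitly (the later example in this file does `Fabricate(:epp_user, id: 240)`) or passing `created_by:` the user the helper logs in as makes the dependency visible; passing the integer key as the string `'1'` also leans on ActiveRecord's cast for no benefit. The enclosing `it` block's assertions lie outside the hunk.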
@@ -88,5 +88,14 @@ describe 'EPP Contact', epp: true do
 expect(contact.css('name').first.text).to eq('Johnny Awesome')
 end
+
+ it 'it doesn\'t display unassociated object' do
+ Fabricate(:contact, name:"Johnny Awesome", created_by_id: '240')
+ Fabricate(:epp_user, id: 240)
+
+ response = epp_request('contacts/info.xml')
+ expect(response[:result_code]).to eq('2201')
+ expect(response[:msg]).to eq('Authorization error')
+ end
 end
 end
diff --git a/spec/models/contact_spec.rb b/spec/models/contact_spec.rb
index f782e5ff7..1c0c0bc68 100644
--- a/spec/models/contact_spec.rb
+++ b/spec/models/contact_spec.rb
@@ -39,6 +39,32 @@ describe Contact do
 end
 end
+describe Contact, '#crID' do
+ before(:each) { Fabricate(:contact, code: "asd12", created_by: Fabricate(:epp_user)) }
+
+ it 'should return username of creator' do
+ expect(Contact.first.crID).to eq('gitlab')
+ end
+
+ it 'should return nil when no creator' do
+ expect(Contact.new.crID).to be nil
+ end
+end
+
+
+describe Contact, '#upID' do
+ before(:each) { Fabricate(:contact, code: "asd12", created_by: Fabricate(:epp_user), updated_by: Fabricate(:epp_user)) }
+
+ it 'should return username of updater' do
+ expect(Contact.first.upID).to eq('gitlab')
+ end
+
+ it 'should return nil when no updater' do
+ expect(Contact.new.upID).to be nil
+ end
+end
+
+
 describe Contact, '.check_availability' do
 before(:each) {
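Review bot: The new example only covers the cross-registrar case, while the other branch this commit introduces in `info_contact` — a contact whose `created_by_id` resolves to no user, which the helper's `rescue NoMethodError` turns into 2303 rather than 2201 — has no spec, and that is precisely the path the rescue hides. A sibling example fabricating a contact with `created_by_id: nil` and asserting the code the helper is meant to return for it would pin that decision down. The title also doubles the word "it": `it "doesn't display a contact created by another registrar" do` reads as intended. The enclosing `describe` block starts before the hunk.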
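Review bot: The `#upID` examples cannot distinguish `upID` from `crID`: both `Fabricate(:epp_user)` calls in the `before(:each)` presumably receive the fabricator's default username (the expectations assume `'gitlab'`), so `expect(Contact.first.upID).to eq('gitlab')` would still pass if `upID` mistakenly returned `created_by.username`. Give the updater a distinct name, e.g. `updated_by: Fabricate(:epp_user, username: 'updater')`, and assert `eq('updater')`; the `#crID` example carries the same coupling to the fabricator default and would be clearer with an explicit `username:` as well. Both new `describe` blocks sit wholly inside the hunk; `'.check_availability'` runs past it.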