diff --git a/app-constants.js b/app-constants.js
index 81cd442a..2a415635 100644
--- a/app-constants.js
+++ b/app-constants.js
@@ -7,7 +7,8 @@ const UserRoles = {
   Admin: 'administrator',
   Copilot: 'copilot',
   Manager: 'Connect Manager',
-  User: 'Topcoder User'
+  User: 'Topcoder User',
+  SelfServiceCustomer: 'Self-Service Customer'
 }
 
 const prizeSetTypes = {
diff --git a/src/routes.js b/src/routes.js
index 7df4478e..ad4b1720 100644
--- a/src/routes.js
+++ b/src/routes.js
@@ -16,14 +16,14 @@ module.exports = {
     get: {
       controller: 'ChallengeController',
       method: 'searchChallenges',
-      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.SelfServiceCustomer, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [READ, ALL]
     },
     post: {
       controller: 'ChallengeController',
       method: 'createChallenge',
       auth: 'jwt',
-      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
+      access: [constants.UserRoles.Admin, constants.UserRoles.SelfServiceCustomer, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [CREATE, ALL]
     }
   },
@@ -43,21 +43,21 @@ module.exports = {
       controller: 'ChallengeController',
       method: 'fullyUpdateChallenge',
       auth: 'jwt',
-      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
+      access: [constants.UserRoles.Admin, constants.UserRoles.SelfServiceCustomer, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [UPDATE, ALL]
     },
     patch: {
       controller: 'ChallengeController',
       method: 'partiallyUpdateChallenge',
       auth: 'jwt',
-      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.SelfServiceCustomer, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [UPDATE, ALL]
     },
     delete: {
       controller: 'ChallengeController',
       method: 'deleteChallenge',
       auth: 'jwt',
-      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.Manager, constants.UserRoles.User],
+      access: [constants.UserRoles.Admin, constants.UserRoles.Copilot, constants.UserRoles.SelfServiceCustomer, constants.UserRoles.Manager, constants.UserRoles.User],
       scopes: [DELETE, ALL]
     }
   },