diff --git a/README.md b/README.md
index 25e6629..1767078 100644
--- a/README.md
+++ b/README.md
@@ -108,7 +108,6 @@ See `justfile` for defined commands.
 
 ## TODO
 
-- [ ] Add admin/owner/etc to list allowed pubkeys
 - [ ] Watch configuration files and hot reload
 - [ ] Free up resources after instance inactivity
 - [ ] Admin/member lists
diff --git a/zooid/instance.go b/zooid/instance.go
index 2af5fac..951122f 100644
--- a/zooid/instance.go
+++ b/zooid/instance.go
@@ -134,10 +134,6 @@ func (instance *Instance) HasAccess(pubkey nostr.PubKey) bool {
 		return true
 	}
 
-	if instance.Management.PubkeyIsBanned(pubkey) {
-		return false
-	}
-
 	filter := nostr.Filter{
 		Kinds:   []nostr.Kind{AUTH_JOIN},
 		Authors: []nostr.PubKey{pubkey},
diff --git a/zooid/management.go b/zooid/management.go
index d06ae0a..6364b5e 100644
--- a/zooid/management.go
+++ b/zooid/management.go
@@ -5,6 +5,7 @@ import (
 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/khatru"
 	"fiatjaf.com/nostr/nip86"
+	"fmt"
 )
 
 type ManagementStore struct {
@@ -162,6 +163,45 @@ func (m *ManagementStore) Enable(instance *Instance) {
 		return reasons, nil
 	}
 
+	instance.Relay.ManagementAPI.ListAllowedPubKeys = func(ctx context.Context) ([]nip86.PubKeyReason, error) {
+		reasons := make([]nip86.PubKeyReason, 0)
+
+		reasons = append(reasons, nip86.PubKeyReason{
+			PubKey: nostr.MustPubKeyFromHex(m.Config.Self.Pubkey),
+			Reason: "relay owner",
+		})
+
+		reasons = append(reasons, nip86.PubKeyReason{
+			PubKey: m.Config.Secret.Public(),
+			Reason: "relay self",
+		})
+
+		for name, role := range m.Config.Roles {
+			for _, pubkey := range role.Pubkeys {
+				reasons = append(reasons, nip86.PubKeyReason{
+					PubKey: nostr.MustPubKeyFromHex(pubkey),
+					Reason: fmt.Sprintf("assigned to role: %s", name),
+				})
+			}
+		}
+
+		filter := nostr.Filter{
+			Kinds: []nostr.Kind{AUTH_JOIN},
+		}
+
+		for event := range m.Events.QueryEvents(filter, 0) {
+			reasons = append(
+				reasons,
+				nip86.PubKeyReason{
+					PubKey: event.PubKey,
+					Reason: "joined via invite code",
+				},
+			)
+		}
+
+		return reasons, nil
+	}
+
 	instance.Relay.ManagementAPI.BanEvent = func(ctx context.Context, id nostr.ID, reason string) error {
 		instance.Events.DeleteEvent(id)
 
diff --git a/zooid/management_test.go b/zooid/management_test.go
index 9873a08..1d0b264 100644
--- a/zooid/management_test.go
+++ b/zooid/management_test.go
@@ -162,4 +162,4 @@ func TestManagementStore_EventIsBanned_NotBanned(t *testing.T) {
 	if mgmt.EventIsBanned(eventID) {
 		t.Error("EventIsBanned() should return false for non-banned event")
 	}
-}
\ No newline at end of file
+}