diff --git a/README.md b/README.md
index 9dbbede..222c8af 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,18 @@ WEBHOOK_PROXY_URL=<web hook url (like https://smee.io), not required>
 
 Add `BASE_BRANCH=master` or whatever is appropriate.
 
+#### Allowed users
+
+It is possible to restrict who can execute a benchmark. 
+
+Add `ALLOWED_USERS` with comma separated list of user's github ids. Eg: 
+
+`ALLOWED_USERS=123,455,234`
+
+Github user id can be retrieved using Github API: https://api.github.com/users/your_github_user_name
+
+If `ALLOWED_USERS` is not specified - any user can execute the benchmark.
+
 ## Permissions Needed
 
 * Metadata: Read Only
diff --git a/index.js b/index.js
index 13a1e5b..7f48288 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,15 @@
 
-var { benchBranch, benchmarkRuntime } = require("./bench");
+const { benchBranch, benchmarkRuntime } = require("./bench");
+
+let allowedUsers = process.env.ALLOWED_USERS;
+if (allowedUsers) {
+  allowedUsers = allowedUsers.split(",").map(Number).filter(item => item);
+}
+
+// Allow only selected users or if not specified - allow any.
+function isAllowed(senderId) {
+  return allowedUsers === undefined || allowedUsers.includes(senderId);
+}
 
 module.exports = app => {
   app.log(`base branch: ${process.env.BASE_BRANCH}`);
@@ -10,6 +20,18 @@ module.exports = app => {
       return;
     }
 
+    if (! isAllowed(context.payload.sender.id)){
+      app.log(`User not allowed ${context.payload.sender.id}`)
+      const repo = context.payload.repository.name;
+      const owner = context.payload.repository.owner.login;
+      const comment_id = context.payload.comment.id;
+      context.github.issues.updateComment({
+        owner, repo, comment_id,
+        body: `Denied. User is not allowed to execute benchmark.`
+      });
+      return;
+    }
+
     // Capture `<action>` in `/bench <action> <extra>`
     let action = commentText.split(" ").splice(1, 1).join(" ").trim();
     // Capture all `<extra>` text in `/bench <action> <extra>`