diff --git a/routes/acl.js b/routes/acl.js
index 82c502e..fcce790 100644
--- a/routes/acl.js
+++ b/routes/acl.js
@@ -60,7 +60,32 @@ router.put('/:cardNumber', async (req, res) => { // Attempt to create new ACL en
 	}
 });
 
-router.patch('/:cardNumber', async (req, res) => { // Update ACL entry. Fail if cardNumber does not exist
+router.get('/edit/:cardNumber', async (req, res) => { // Get ACL entry for editing
+	const cardNumber = parseInt(req.params.cardNumber);
+	if (isNaN(cardNumber) || cardNumber <= 0) {
+		return res.status(400).json({ error: 'Invalid card number' });
+	}
+	try {
+		const entry = await db.query('SELECT * FROM ACL WHERE CardNumber = ?', [cardNumber]);
+		if (!entry || entry.length === 0) {
+			return res.render('error', { error: 'Card number not found', button: { text: 'Back', action: 'back' } });
+		}
+		// generate doors object
+		const doors = {}
+		Object.keys(entry[0]).forEach(key => {
+			if (key !== 'id' && key !== 'Name' && key !== 'CardNumber' && key !== 'PIN' && key !== 'StartDate' && key !== 'EndDate') {
+				doors[key] = entry[0][key] === 1;
+			}
+		});
+
+		return res.render('acl-edit', { aclEntry: entry[0], doorsList: doors, user: req.session.user });
+	} catch (err) {
+		log.error(`Database error fetching ACL entry: ${err}`);
+		return res.status(500).render('error', { error: 'Internal server error', button: { text: 'Back', action: 'back' } });
+	}
+});
+
+router.patch('/edit/:cardNumber', async (req, res) => { // Update ACL entry. Fail if cardNumber does not exist
 	const cardNumber = parseInt(req.params.cardNumber);
 	if (isNaN(cardNumber) || cardNumber <= 0) {
 		return res.status(400).json({ error: 'Invalid card number' });
@@ -114,7 +139,7 @@ router.patch('/:cardNumber', async (req, res) => { // Update ACL entry. Fail if
 	}
 });
 
-router.delete('/:cardNumber', async (req, res) => { // Delete ACL entry. Fail if cardNumber does not exist
+router.get('/delete/:cardNumber', async (req, res) => { // Delete ACL entry. Fail if cardNumber does not exist
 	const cardNumber = parseInt(req.params.cardNumber);
 	if (isNaN(cardNumber) || cardNumber <= 0) {
 		return res.status(400).json({ error: 'Invalid card number' });
diff --git a/views/acl-edit.ejs b/views/acl-edit.ejs
new file mode 100644
index 0000000..0a995fb
--- /dev/null
+++ b/views/acl-edit.ejs
@@ -0,0 +1,66 @@
+<%
+// Assume aclEntry is passed to this view with all fields
+// doorsList is an array of door names, e.g. ['Door1', 'Door2', ...]
+%>
+<form id="acl-edit-form" method="post" action="/acl/<%= aclEntry.CardNumber %>?_method=PATCH">
+	<div>
+		<label for="Name">Name:</label>
+		<input type="text" id="Name" name="Name" value="<%= aclEntry.Name %>" required>
+	</div>
+	<div>
+		<label for="CardNumber">Card Number:</label>
+		<input type="text" id="CardNumber" name="CardNumber" value="<%= aclEntry.CardNumber %>" readonly>
+	</div>
+	<div>
+		<label for="PIN">PIN:</label>
+		<input type="text" id="PIN" name="PIN" value="<%= aclEntry.PIN %>">
+	</div>
+	<div>
+		<label for="StartDate">Start Date:</label>
+		<input type="date" id="StartDate" name="StartDate" value="<%= aclEntry.StartDate %>">
+	</div>
+	<div>
+		<label for="EndDate">End Date:</label>
+		<input type="date" id="EndDate" name="EndDate" value="<%= aclEntry.EndDate %>">
+	</div>
+	<fieldset>
+		<legend>Doors</legend>
+		<% doorsList.forEach(function(door) { %>
+			<div>
+				<label>
+					<input type="checkbox" name="doors[<%= door %>]" value="1"
+						<% if (aclEntry.doors && aclEntry.doors[door]) { %> checked <% } %> >
+					<%= door %>
+				</label>
+			</div>
+		<% }) %>
+	</fieldset>
+	<button type="submit">Save</button>
+</form>
+
+<script>
+document.getElementById('acl-edit-form').addEventListener('submit', function(e) {
+	e.preventDefault();
+	const form = e.target;
+	const formData = new FormData(form);
+	const data = {
+		Name: formData.get('Name'),
+		CardNumber: formData.get('CardNumber'),
+		PIN: formData.get('PIN'),
+		StartDate: formData.get('StartDate'),
+		EndDate: formData.get('EndDate'),
+		doors: {}
+	};
+	<% doorsList.forEach(function(door) { %>
+		data.doors['<%= door %>'] = formData.get('doors[<%= door %>]') ? 1 : 0;
+	<% }) %>
+	fetch(form.action, {
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		body: JSON.stringify(data)
+	}).then(res => {
+		if (res.ok) window.location.href = '/acl';
+		else alert('Failed to update ACL entry');
+	});
+});
+</script>
\ No newline at end of file
diff --git a/views/acl.ejs b/views/acl.ejs
index 3427ba2..83ebf07 100644
--- a/views/acl.ejs
+++ b/views/acl.ejs
@@ -55,6 +55,7 @@
 				%>
 					<th><%= door %></th>
 				<% }); %>
+				<th>Actions</th>
 			</tr>
 		</thead>
 		<tbody>
@@ -74,6 +75,10 @@
 							<% } %>
 						</td>
 					<% }); %>
+					<td>
+						<a href="/acl/edit/<%= row.CardNumber %>">Edit</a> |
+						<a href="/acl/delete/<%= row.CardNumber %>" onclick="return confirm('Are you sure you want to delete this entry?');">Delete</a>
+					</td>
 				</tr>
 			<% }); %>
 		</tbody>