diff --git a/master.cfg b/master.cfg
index d842699..2344d30 100644
--- a/master.cfg
+++ b/master.cfg
@@ -355,6 +355,14 @@ c['www'] = dict(port=8010,
                          'waterfall_view': {}})
 
 # Access
+from buildbot.www.authz.roles import RolesFromOwner
+from buildbot.www.authz.roles import RolesFromBase
+
+class StrangerRoles(RolesFromBase):
+    def getRolesFromUser(self, userDetails):
+        return ['stranger']
+
+
 authz = util.Authz(
     stringsMatcher=util.fnmatchStrMatcher,  # simple matcher with '*' glob character
     # stringsMatcher = util.reStrMatcher,   # if you prefer regular expressions
@@ -364,13 +372,16 @@ authz = util.Authz(
         util.AnyEndpointMatcher(role="admins", defaultDeny=False),
 
         # Defaulting old config, everyone can stop build.
-        util.StopBuildEndpointMatcher(role="*"),
-        util.ForceBuildEndpointMatcher(builder="*", role="*"),
+        util.StopBuildEndpointMatcher(role="stranger"),
+        util.ForceBuildEndpointMatcher(role="stranger"),
 
         # if future Buildbot implement new control, we are safe with this last rule
         util.AnyControlEndpointMatcher(role="admins")
     ],
-)
+    roleMatchers=[
+        RolesFromOwner(role="owner"),
+        StrangerRoles(),
+    ])
 c['www']['authz'] = authz
 
 # PROJECT IDENTITY