You can enable add, delete, etc using the approach from this thread:
For example:
${security.user.isInRole('admin')}