diff --git a/config/install/views.view.contact_messages.yml b/config/install/views.view.contact_messages.yml
index f2b7499..ae55011 100644
--- a/config/install/views.view.contact_messages.yml
+++ b/config/install/views.view.contact_messages.yml
@@ -23,7 +23,7 @@ display:
 access:
 type: perm
 options:
- perm: 'administer contact forms'
+ perm: 'view contact messages'
 cache:
 type: none
 options: { }
diff --git a/contact_storage.install b/contact_storage.install
index a406c0f..15c3b79 100644
--- a/contact_storage.install
+++ b/contact_storage.install
@@ -8,6 +8,7 @@
 use Drupal\Core\Config\InstallStorage;
 use Drupal\Core\Config\FileStorage;
 use Drupal\Core\Field\BaseFieldDefinition;
+use Drupal\user\Entity\Role;
 /**
 * Implements hook_install().
@@ -120,3 +121,48 @@ function contact_storage_update_8200() {
 function contact_storage_update_8201() {
 \Drupal::service('module_installer')->install(['options']);
 }
+
+/**
+ * Change the view permissions for viewing contact messages.
+ *
+ * We are splitting apart the ability to administer contact forms and the
+ * ability to view contact messages, but we maintain both the access to the
+ * view as well as the ensure the roles that have access to administer contact
+ * forms continue to be able to view contact messages.
+ */
+function contact_storage_update_8202() {
+
+ // Get the current permission needed to view messages.
+ $permission = \Drupal::config('views.view.contact_messages')
+ ->get('display.default.display_options.access.options.perm');
+
+ // Change the view permission to the new view contact messages permission.
+ $config = \Drupal::configFactory()->getEditable('views.view.contact_messages');
+ $config->set('display.default.display_options.access.options.perm', 'view contact messages');
+ $config->save();
+
+ // Maintain access to view contact messages for those who already do.
+ if ($roles = Role::loadMultiple()) {
+ foreach ($roles as $role) {
+ $changed = FALSE;
+
+ // If they can view the view, they can already view contact messages.
+ if ($role->hasPermission($permission)) {
+ $role->grantPermission('view contact messages');
+ $changed = TRUE;
+ }
+
+ // If they can administer contact forms, they can already delete contact
+ // messages.
+ if ($role->hasPermission('administer contact forms')) {
+ $role->grantPermission('delete contact messages');
+ $changed = TRUE;
+ }
+
+ // Only save if a change has been made for efficiency.
+ if ($changed) {
+ $role->save();
+ }
+ }
+ }
+}
diff --git a/contact_storage.module b/contact_storage.module
index 3ed2074..fdae5f2 100644
--- a/contact_storage.module
+++ b/contact_storage.module
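Review bot: `contact_storage_update_8202()` writes the new permission into `views.view.contact_messages` without checking that the view exists or that its access plugin is still `perm`. If the view was deleted, `getEditable()` returns a new config object and `save()` would create a stub view holding only this key; if an administrator switched the view to another access type, `$permission` is presumably NULL and the `perm` option is set under a plugin that does not use it. Guard the write right after `getEditable()`, e.g. `if ($config->isNew() || $config->get('display.default.display_options.access.type') !== 'perm') { return; }`, and decide explicitly whether roles should still be migrated in that case. The update also overwrites whatever permission a site had configured on the view and grants `view contact messages` to every role holding it, which the docblock should state so that sites with a customised permission know to review role assignments afterwards.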
@@ -16,6 +16,8 @@ use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Language\LanguageInterface;
 use Drupal\contact\Entity\ContactForm;
 use Drupal\views\Views;
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Session\AccountInterface;
 use Symfony\Component\Validator\Constraints\Url;
 /**
@@ -495,3 +497,19 @@ function contact_storage_contact_form_delete(EntityInterface $entity) {
 // Delete all aliases with this contact form as a source.
 \Drupal::service('path.alias_storage')->delete(['source' => '/' . $entity->toUrl('canonical')->getInternalPath()]);
 }
+
+/**
+ * Implements hook_entity_access().
+ */
+function contact_storage_entity_access(EntityInterface $entity, $operation, AccountInterface $account) {
+
+ // Check access to the contact message entity.
+ if ($entity->getEntityTypeId() == 'contact_message') {
+ if ($account->hasPermission($operation . ' contact messages')) {
+ return AccessResult::allowed();
+ }
+ }
+
+ // No opinion.
+ return AccessResult::neutral();
+}
diff --git a/contact_storage.permissions.yml b/contact_storage.permissions.yml
new file mode 100644
index 0000000..5e53ecf
--- /dev/null
+++ b/contact_storage.permissions.yml
@@ -0,0 +1,6 @@
+view contact messages:
+ title: 'View contact messages'
+ description: 'Allow the user to view contact messages'
+delete contact messages:
+ title: 'Delete contact messages'
+ description: 'Allow the user to delete contact messages'
diff --git a/src/Tests/ContactStorageTest.php b/src/Tests/ContactStorageTest.php
index 2e565f1..957580f 100644
--- a/src/Tests/ContactStorageTest.php
+++ b/src/Tests/ContactStorageTest.php
@@ -40,6 +40,9 @@ class ContactStorageTest extends ContactStorageTestBase {
 'filter',
 );
+ /**
+ * Set up the blocks and user for the test.
+ */
 protected function setUp() {
 parent::setUp();
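Review bot: The `AccessResult::allowed()` returned from `contact_storage_entity_access()` carries no cacheability metadata although it depends on the account's permissions, so a cached access decision could be reused for a user who lacks the permission. Use `return AccessResult::allowedIfHasPermission($account, $operation . ' contact messages');`, which adds the `user.permissions` cache context. The permission name is also built from any `$operation`, while this commit defines only the `view` and `delete` permissions. Limiting it with `in_array($operation, ['view', 'delete'], TRUE)` and comparing the entity type with `===` would make the intended scope explicit.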
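Review bot: Neither new permission in `contact_storage.permissions.yml` is marked as sensitive, yet `view contact messages` exposes what visitors submitted (presumably sender name, e-mail address and message text) and `delete contact messages` is destructive. Consider adding `restrict access: true` to both entries so the permissions page warns administrators before they grant them to broad roles. Each `description` could also say what data or action the permission covers.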
@@ -63,6 +66,8 @@ class ContactStorageTest extends ContactStorageTestBase {
 'administer contact_message form display',
 'administer contact_message display',
 'use text format full_html',
+ 'view contact messages',
+ 'delete contact messages',
 ]);
 $this->drupalLogin($this->adminUser);
 }
@@ -359,6 +364,9 @@ class ContactStorageTest extends ContactStorageTestBase {
 $this->assertFalse($alias);
 }
+ /**
+ * Test maximum submission limit.
+ */
 public function testMaximumSubmissionLimit() {
 // Create a new contact form with a maximum submission limit of 2.
 $this->addContactForm('test_id_3', 'test_label', 'simpletest@example.com', FALSE, ['contact_storage_maximum_submissions_user' => 2]);
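Review bot: The two new permissions are only added to the admin user in `setUp()`, so nothing in this commit checks the deny side of the new access control. Add a case that logs in a user without `view contact messages` and asserts that the contact messages listing is refused, and one for a user holding only `view contact messages` who must not be able to delete a message. An update-path test for `contact_storage_update_8202()` would also confirm that existing roles keep their access. `setUp()` starts and ends outside this hunk.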