diff --git a/users/src/main/java/ba/steleks/security/SecurityConfig.java b/users/src/main/java/ba/steleks/security/SecurityConfig.java
index 4ceec80..587d426 100644
--- a/users/src/main/java/ba/steleks/security/SecurityConfig.java
+++ b/users/src/main/java/ba/steleks/security/SecurityConfig.java
@@ -46,6 +46,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         http.csrf().disable().authorizeRequests()
                 .antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll()
                 .antMatchers(HttpMethod.POST, "/users").permitAll()
+                .antMatchers(HttpMethod.GET, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.POST, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.PUT, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.DELETE, "/users/**/userRoles/*").hasRole("ADMIN")
                 .anyRequest().authenticated()
                 .and()
                 .addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class);