diff --git a/src/main/java/fr/eni/demo/security/SecurityConfig.java b/src/main/java/fr/eni/demo/security/SecurityConfig.java
index 5fbec1a..c0b3ec8 100644
--- a/src/main/java/fr/eni/demo/security/SecurityConfig.java
+++ b/src/main/java/fr/eni/demo/security/SecurityConfig.java
@@ -31,7 +31,7 @@ public class SecurityConfig {
         http
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/api/auth").permitAll()
-                        .requestMatchers("/user/**").hasAnyRole("ADMIN")
+                        .requestMatchers("/api/**").hasAnyRole("USER")
                         .anyRequest().denyAll()
                 )
                 .formLogin(Customizer.withDefaults());