diff --git a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
index 5b90f97..3f2cb1d 100644
--- a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
+++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
@@ -16,7 +16,8 @@ public class WebSecurityConfig {
 http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll()
 .requestMatchers("/accueil", "/login", "/inscription", "/searchArticle").permitAll()
 .requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll()
- .requestMatchers("/admin").hasRole("ADMIN")
+ .requestMatchers("/profile").hasRole("MEMBRE")
+ .requestMatchers("/admin").hasAnyRole("MEMBRE", "ADMIN")
 .anyRequest().authenticated())
 .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true))
 .logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)
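Review bot: The new `/admin` rule uses `hasAnyRole("MEMBRE", "ADMIN")`, so every ordinary member now passes the URL-level check that previously required ADMIN; unless the controller re-checks the role, the admin page is open to all members. The two matchers look swapped, since `/profile` admits only MEMBRE and an account holding only ADMIN would be denied there; I would expect `.requestMatchers("/profile").hasAnyRole("MEMBRE", "ADMIN")` and `.requestMatchers("/admin").hasRole("ADMIN")`. Separately, `"/admin"` is an exact-path pattern, so any route below it falls through to `anyRequest().authenticated()`; if admin endpoints exist under that path, match `"/admin/**"` as well. The filter-chain method starts and ends outside this hunk, so this is based only on the visible rules.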