diff --git a/src/ApiResource/EmployeeLeaveSummary.php b/src/ApiResource/EmployeeLeaveSummary.php
index cd44a40..49f2832 100644
--- a/src/ApiResource/EmployeeLeaveSummary.php
+++ b/src/ApiResource/EmployeeLeaveSummary.php
@@ -12,7 +12,7 @@ use App\State\EmployeeLeaveSummaryProvider;
     operations: [
         new Get(
             uriTemplate: '/employees/{id}/leave-summary',
-            security: "is_granted('ROLE_USER')",
+            security: "is_granted('ROLE_ADMIN')",
             provider: EmployeeLeaveSummaryProvider::class
         ),
     ],
diff --git a/src/ApiResource/EmployeeRttSummary.php b/src/ApiResource/EmployeeRttSummary.php
index 4f61595..4a7ebe3 100644
--- a/src/ApiResource/EmployeeRttSummary.php
+++ b/src/ApiResource/EmployeeRttSummary.php
@@ -14,7 +14,7 @@ use App\State\EmployeeRttSummaryProvider;
     operations: [
         new Get(
             uriTemplate: '/employees/{id}/rtt-summary',
-            security: "is_granted('ROLE_USER')",
+            security: "is_granted('ROLE_ADMIN')",
             provider: EmployeeRttSummaryProvider::class
         ),
     ],
diff --git a/src/Entity/Bonus.php b/src/Entity/Bonus.php
index c1e3186..2ccf78c 100644
--- a/src/Entity/Bonus.php
+++ b/src/Entity/Bonus.php
@@ -21,10 +21,10 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
     operations: [
         new Get(
-            security: "is_granted('ROLE_USER')"
+            security: "is_granted('ROLE_ADMIN')"
         ),
         new GetCollection(
-            security: "is_granted('ROLE_USER')"
+            security: "is_granted('ROLE_ADMIN')"
         ),
         new Post(
             security: "is_granted('ROLE_ADMIN')"
diff --git a/src/Entity/MileageAllowance.php b/src/Entity/MileageAllowance.php
index ef0ddc6..d2f34c3 100644
--- a/src/Entity/MileageAllowance.php
+++ b/src/Entity/MileageAllowance.php
@@ -24,10 +24,10 @@ use Symfony\Component\Serializer\Attribute\Groups;
 #[ApiResource(
     operations: [
         new Get(
-            security: "is_granted('ROLE_USER')"
+            security: "is_granted('ROLE_ADMIN')"
         ),
         new GetCollection(
-            security: "is_granted('ROLE_USER')"
+            security: "is_granted('ROLE_ADMIN')"
         ),
         new Post(
             security: "is_granted('ROLE_ADMIN')"
@@ -47,7 +47,7 @@ use Symfony\Component\Serializer\Attribute\Groups;
         ),
         new Get(
             uriTemplate: '/mileage_allowances/{id}/receipt',
-            security: "is_granted('ROLE_USER')",
+            security: "is_granted('ROLE_ADMIN')",
             provider: MileageAllowanceReceiptDownloadProvider::class,
         ),
     ],