diff --git a/backend/src/router/router.js b/backend/src/router/router.js
index 8e34a9184a2c92b62730099f1b25c4a3e4cd4559..5cf6286940086d911b61fa8c31b394afdbe4d03f 100644
--- a/backend/src/router/router.js
+++ b/backend/src/router/router.js
@@ -11,11 +11,11 @@ module.exports = function(app) {
     app.get('/api/test/admin', [authJwt.verifyToken, authJwt.isAdmin], testController.adminContent);
     app.get('/api/test/member', [authJwt.verifyToken], testController.memberContent);
 
-    app.get('/api/user/all', userController.fetchAll);
-    app.post('/api/user/create', userController.createUser);
-    app.post('/api/user/edit', userController.editUser);
-    app.post('/api/user/delete', userController.deleteUser);
-    app.post('/api/user/detail', userController.viewDetail);
+    app.get('/api/user/all', [authJwt.verifyToken, authJwt.isAdmin], userController.fetchAll);
+    app.post('/api/user/create', [authJwt.verifyToken, authJwt.isAdmin], userController.createUser);
+    app.post('/api/user/edit', [authJwt.verifyToken, authJwt.isAdmin], userController.editUser);
+    app.post('/api/user/delete', [authJwt.verifyToken, authJwt.isAdmin], userController.deleteUser);
+    app.post('/api/user/detail', [authJwt.verifyToken, authJwt.isAdmin], userController.viewDetail);
     // Sample Hello
     var hello = require('../controller/hello')
     app.route('/hello').get(hello.index)