diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/model/Account.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/model/Account.java
index 053a412..6a9fd9b 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/model/Account.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/model/Account.java
@@ -20,6 +20,7 @@ public class Account implements IAccount, UserDetails {
         this.original = original;
         this.client = client;
         permissions = original.getPermissions().stream().map(permission -> new Permission("ROLE_" + permission)).collect(Collectors.toSet());
+        permissions.add(new Permission("ROLE_USER"));
     }
 
     public @NotNull RoomPickerClient getClient() {
diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodeDetailsPage.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodeDetailsPage.java
index 197e0dd..ef9eabd 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodeDetailsPage.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodeDetailsPage.java
@@ -8,7 +8,7 @@ import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.BeforeEnterObserver;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import ru.dragonestia.picker.api.impl.RoomPickerClient;
@@ -20,7 +20,7 @@ import ru.dragonestia.picker.cp.util.RouteParamsExtractor;
 
 @Getter
 @RequiredArgsConstructor
-@PermitAll
+@RolesAllowed("USER")
 @PageTitle("Rooms")
 @Route(value = "/nodes/:nodeId", layout = MainLayout.class)
 public class NodeDetailsPage extends VerticalLayout implements BeforeEnterObserver {
diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodesPage.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodesPage.java
index 1ba5d06..a6b7dd1 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodesPage.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/NodesPage.java
@@ -5,7 +5,7 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
 import com.vaadin.flow.router.RouteAlias;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import ru.dragonestia.picker.api.exception.ApiException;
 import ru.dragonestia.picker.api.impl.RoomPickerClient;
@@ -15,7 +15,7 @@ import ru.dragonestia.picker.cp.component.NodeList;
 import ru.dragonestia.picker.cp.component.RegisterNode;
 import ru.dragonestia.picker.cp.service.SecurityService;
 
-@PermitAll
+@RolesAllowed("USER")
 @PageTitle("Nodes")
 @RouteAlias(value = "/", layout = MainLayout.class)
 @Route(value = "/nodes", layout = MainLayout.class)
diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/RoomDetailsPage.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/RoomDetailsPage.java
index 7368622..5d471d1 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/RoomDetailsPage.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/RoomDetailsPage.java
@@ -13,7 +13,7 @@ import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.BeforeEnterObserver;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import lombok.RequiredArgsConstructor;
 import ru.dragonestia.picker.api.impl.RoomPickerClient;
 import ru.dragonestia.picker.api.model.node.INode;
@@ -32,7 +32,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
 
 @RequiredArgsConstructor
-@PermitAll
+@RolesAllowed("USER")
 @PageTitle("Room details")
 @Route(value = "/nodes/:nodeId/rooms/:roomId", layout = MainLayout.class)
 public class RoomDetailsPage extends VerticalLayout implements BeforeEnterObserver {
diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserDetailsPage.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserDetailsPage.java
index b6395e0..cbb921c 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserDetailsPage.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserDetailsPage.java
@@ -11,7 +11,7 @@ import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.BeforeEnterObserver;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import lombok.RequiredArgsConstructor;
 import ru.dragonestia.picker.api.impl.RoomPickerClient;
 import ru.dragonestia.picker.api.model.room.RoomDetails;
@@ -25,7 +25,7 @@ import java.util.List;
 import java.util.Objects;
 
 @RequiredArgsConstructor
-@PermitAll
+@RolesAllowed("USER")
 @PageTitle("User details")
 @Route(value = "/users/:userId", layout = MainLayout.class)
 public class UserDetailsPage extends VerticalLayout implements BeforeEnterObserver, RefreshableTable {
diff --git a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserSearchPage.java b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserSearchPage.java
index 7fa2660..e3dbd3a 100644
--- a/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserSearchPage.java
+++ b/control-panel/src/main/java/ru/dragonestia/picker/cp/page/UserSearchPage.java
@@ -13,7 +13,7 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.component.textfield.TextField;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
-import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
 import org.springframework.beans.factory.annotation.Autowired;
 import ru.dragonestia.picker.api.impl.RoomPickerClient;
 import ru.dragonestia.picker.api.model.user.IUser;
@@ -27,7 +27,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Objects;
 
-@PermitAll
+@RolesAllowed("USER")
 @PageTitle("Search users")
 @Route(value = "/users", layout = MainLayout.class)
 public class UserSearchPage extends VerticalLayout implements RefreshableTable {