diff --git a/userman_all/server/src/server.ts b/userman_all/server/src/server.ts
index 0d7546d538d228ca0f8a19cc045131c7caa787e1..4f4ee33678e41f935d3992e2a5f6aba60b30f19c 100644
--- a/userman_all/server/src/server.ts
+++ b/userman_all/server/src/server.ts
@@ -102,6 +102,16 @@ function isLoggedIn(req: Request, res: Response, next: NextFunction) {
   }
 }
 
+function isLoggedAdmin(req: Request, res: Response, next: NextFunction) {
+  if (req.session.user != null && req.session.user.role === 'admin') {
+    next();
+  } else {
+    res.status(401).send({
+      message: 'sorry, du bist kein Admin :(',
+    })
+  }
+}
+
 //HTTP-Routen
 /*****************************************************************************
  * HTTP ROUTES: LOGIN                                                        *
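Review bot: isLoggedAdmin answers 401 both when there is no session and when a logged-in user is simply not an admin, so clients and logs cannot tell an expired session from a denied privilege. Consider `res.status(req.session.user == null ? 401 : 403).send({` so the authenticated-but-unauthorised case returns 403. The role is read from `req.session.user`, which presumably is filled at login; if so, a demoted admin keeps access until the session ends, so a role change should refresh or invalidate that user's sessions. A short doc comment such as `/** Middleware: calls next() only if the session user has role 'admin'; otherwise ends the request. */` would also help.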
@@ -605,7 +615,7 @@ app.put('/user', isLoggedIn, async (req: Request, res: Response): Promise<void>
 });
 
 // update route admin
-app.put('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.put('/user/:userId', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   console.log(req.body);
   // Read data from request
   const userId: number = parseInt(req.params.userId);
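Review bot: `console.log(req.body);` at the top of this handler writes the whole update payload to the server log, and on a user-update route that payload may carry a password or other personal fields (the body's shape is not visible in this hunk). Drop the line, or log only non-sensitive identifiers after parsing, e.g. `console.log('admin user update', { targetUserId: userId });`. Now that the route is admin-only, recording which admin made the change is more useful for audit than the raw body. The handler continues past the end of the hunk.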
@@ -690,7 +700,7 @@ app.put('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promis
  *     }
  */
 
-app.delete('/user/:userId', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.delete('/user/:userId', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   // Read data from request
   const userId: number = parseInt(req.params.userId);
   // Delete user
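Review bot: `parseInt(req.params.userId)` accepts input such as `12abc` (it yields 12) and returns NaN for non-numeric input, and no validation is visible before the delete runs; the same line appears in the PUT /user/:userId handler above. For a destructive admin route, reject anything that is not a plain non-negative integer before parsing, for example `if (!/^\d+$/.test(req.params.userId)) { res.status(400).send({ message: 'invalid user id' }); return; }`, and pass radix 10 to parseInt. The rest of the handler is outside the hunk, so a later check may already exist.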
@@ -834,7 +844,7 @@ app.delete('/user', isLoggedIn, async (req: Request, res: Response): Promise<voi
 //stellt sicher, dass nur eingeloggte Benutzer Zugriff auf die Benutzerliste haben.
 // Die Route ruft alle Benutzer aus der Tabelle user in der Datenbank ab.
 // Sie wandelt die Ergebnisse der Datenbank in ein standardisiertes Format (User-Objekte) um.
-app.get('/users', isLoggedIn, async (req: Request, res: Response): Promise<void> => {
+app.get('/users', isLoggedAdmin, async (req: Request, res: Response): Promise<void> => {
   // Send user list to client
   const query: string = 'SELECT * FROM user;';