diff --git a/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs b/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs
index 7ba9f56..f247d17 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs
@@ -19,7 +19,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving employees.
         /// </summary>
-       // [Authorize(Roles = "admin")]
+        [Authorize(Roles = "admin")]
         [HttpGet("employees")]
         public async Task<ActionResult> GetEmployeesAsync()
         {
@@ -36,7 +36,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving an employee by ID.
         /// </summary>
-       // [Authorize(Roles = "admin")]
+        [Authorize(Roles = "admin")]
         [HttpGet("employees/{id}")]
         public async Task<ActionResult> GetEmployeeByIdAsync(int id)
         {
diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs
index c17ec40..c5a5c2d 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs
+++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs
@@ -24,7 +24,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
         //    }
         //    return Unauthorized(result.ErrorMessage);
        // }
-       // [Authorize(Policy = "Dadeschools")]
+        [Authorize(Policy = "Dadeschools")]
         [HttpPost("token/{employecode}")]
         public async Task<ActionResult> AuthenticateAsync(string employecode)
         {
@@ -36,7 +36,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
               return Unauthorized(result.ErrorMessage);
         }
 
-       // [Authorize(Policy = "Dadeschools")]
+        [Authorize(Policy = "Dadeschools")]
         [HttpPost("refreshtoken")]
         public async Task<ActionResult> RefreshTokenAsync(TokenResponse tokenResponse)
         {
@@ -48,7 +48,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             return Unauthorized(result.ErrorMessage);
         }
 
-   //     [Authorize(Policy = "DamageApp", Roles ="admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpGet("users")]
         public async Task<ActionResult> GetUsersAsync()
         {
@@ -60,7 +60,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             return NoContent();
         }
 
-      //  [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpGet("users/{Id}")]
         public async Task<ActionResult> GetUsersAsync(int Id)
         {
@@ -72,7 +72,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             return NotFound();
         }
 
-     //   [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpGet("roles")]
         public async Task<ActionResult> GetRolesAsync()
         {
@@ -83,7 +83,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             }
             return NoContent();
         }
-   //     [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpPost("users")]
         public async Task<ActionResult> PostUserAsync(User user)
         {
@@ -95,7 +95,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             return BadRequest(result.ErrorMessage);
         }
 
-    //    [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpPut("users/{Id}")]
         public async Task<ActionResult> PutUserAsync(int Id, User user)
         {
@@ -110,7 +110,7 @@ namespace DamageAssesment.Api.UsersAccess.Controllers
             return BadRequest(result.ErrorMessage);
         }
 
-   //     [Authorize(Policy = "DamageApp", Roles = "admin")]
+        [Authorize(Policy = "DamageApp", Roles = "admin")]
         [HttpDelete("users/{Id}")]
         public async Task<ActionResult> DeleteUserAsync(int Id)
         {
diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json
index ca3c7b8..8ff9385 100644
--- a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json
+++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json
@@ -24,8 +24,8 @@
     "TokenUrl": "https://dev-graph.dadeschools.net/connect/token",
     "ClientId": "dmapi",
     "ClientSecret": "bfce2c8d-2064-4a02-b19d-7f1d42b16eae",
-    "TokenClientId": "damage_assessment_postman",
-    "TokenClientSecret": "e4774164-f018-44c9-b9d2-3a29fc21db3c",
+    //"TokenClientId": "damage_assessment_postman",
+    //"TokenClientSecret": "e4774164-f018-44c9-b9d2-3a29fc21db3c",
     "scope": "openid profile",
     "grant_type": "password",
     "Name": "Dadeschools Identity Server"