diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index e0e0654..d286b02 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,15 +4,10 @@
     <option name="autoReloadType" value="SELECTIVE" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="067ac1f0-be04-4fe4-85c6-f870334053b8" name="Changes" comment="AUTHORIZATION WORK!">
-      <change afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" afterDir="false" />
+    <list default="true" id="067ac1f0-be04-4fe4-85c6-f870334053b8" name="Changes" comment="create new endpoints (employee edit)">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AuthController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AuthController.java" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/EmployeeController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/EmployeeController.java" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/repository/EmployeeRepository.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/repository/EmployeeRepository.java" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/service/EmployeeService.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/service/EmployeeService.java" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -40,7 +35,7 @@
   </component>
   <component name="PropertiesComponent"><![CDATA[{
   "keyToString": {
-    "Application.App.executor": "Debug",
+    "Application.App.executor": "Run",
     "Maven.NTO-2024 [org.apache.maven.plugins:maven-clean-plugin:3.1.0:clean].executor": "Run",
     "RunOnceActivity.ShowReadmeOnStart": "true",
     "RunOnceActivity.git.unshallow": "true",
@@ -154,7 +149,15 @@
       <option name="project" value="LOCAL" />
       <updated>1739978089147</updated>
     </task>
-    <option name="localTasksCounter" value="8" />
+    <task id="LOCAL-00008" summary="create new endpoints (employee edit)">
+      <option name="closed" value="true" />
+      <created>1740037639602</created>
+      <option name="number" value="00008" />
+      <option name="presentableId" value="LOCAL-00008" />
+      <option name="project" value="LOCAL" />
+      <updated>1740037639602</updated>
+    </task>
+    <option name="localTasksCounter" value="9" />
     <servers />
   </component>
   <component name="VcsManagerConfiguration">
@@ -165,7 +168,8 @@
     <MESSAGE value="websecurity configs" />
     <MESSAGE value="промежуточные итоги :skull:" />
     <MESSAGE value="AUTHORIZATION WORK!" />
-    <option name="LAST_COMMIT_MESSAGE" value="AUTHORIZATION WORK!" />
+    <MESSAGE value="create new endpoints (employee edit)" />
+    <option name="LAST_COMMIT_MESSAGE" value="create new endpoints (employee edit)" />
   </component>
   <component name="XDebuggerManager">
     <breakpoint-manager>
@@ -190,16 +194,6 @@
           <line>70</line>
           <option name="timeStamp" value="26" />
         </line-breakpoint>
-        <line-breakpoint enabled="true" type="java-line">
-          <url>file://$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java</url>
-          <line>49</line>
-          <option name="timeStamp" value="40" />
-        </line-breakpoint>
-        <line-breakpoint enabled="true" type="java-line">
-          <url>file://$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java</url>
-          <line>79</line>
-          <option name="timeStamp" value="41" />
-        </line-breakpoint>
       </breakpoints>
     </breakpoint-manager>
   </component>
diff --git a/src/main/java/com/example/nto/controller/AdminController.java b/src/main/java/com/example/nto/controller/AdminController.java
index 5c54e01..c1cdbbf 100644
--- a/src/main/java/com/example/nto/controller/AdminController.java
+++ b/src/main/java/com/example/nto/controller/AdminController.java
@@ -12,6 +12,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 
+import javax.annotation.security.RolesAllowed;
+
 @Controller
 @RequestMapping("/api/admin/")
 public class AdminController {
@@ -58,20 +60,20 @@ public class AdminController {
      * Такой же метод, как и getEmployeeInfo, только для админов по логину
      * @return
      */
-    @PreAuthorize("hasAnyRole('ADMIN')")
+    @RolesAllowed("ADMIN")
     @GetMapping("/{value}/info")
     public Employee getEmployeeInfoAdmin(@PathVariable String value) {
         return employeeService.getEmployeeInfoById(Long.parseLong(value));
     }
 
-    @PreAuthorize("hasAnyRole('ADMIN')")
+    @RolesAllowed("ADMIN")
     @DeleteMapping("/employee/delete/")
     public ResponseEntity<String> deleteEmployee(@RequestBody DeleteEmployeeRequest deleteEmployeeRequest) {
         employeeService.deleteEmployee(deleteEmployeeRequest.id);
         return ResponseEntity.status(HttpStatus.OK).build();
     }
 
-    @PreAuthorize("hasRole('DOLBOEB')")
+    @RolesAllowed("ADMIN")
     @PutMapping("/employee/update/login/")
     public ResponseEntity<String> updateEmployeeLogin(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
 
@@ -81,14 +83,14 @@ public class AdminController {
         return ResponseEntity.status(HttpStatus.OK).build();
     }
 
-    @PreAuthorize("hasAnyRole('ADMIN')")
+    @RolesAllowed("ADMIN")
     @PutMapping("/employee/update/avatar/")
     public ResponseEntity<String> updateEmployeeAvatar(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
         employeeService.updateEmployeeAvatar(updateEmployeeRequest.id, updateEmployeeRequest.field);
         return ResponseEntity.status(HttpStatus.OK).build();
     }
 
-    @PreAuthorize("hasAnyRole('ADMIN')")
+    @RolesAllowed("ADMIN")
     @PutMapping("/employee/update/position/")
     public ResponseEntity<String> updatePosition(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
         employeeService.updateEmployeePosition(updateEmployeeRequest.id, updateEmployeeRequest.field);
diff --git a/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java b/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java
index f088fe9..9baca6e 100644
--- a/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java
+++ b/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java
@@ -10,6 +10,7 @@ import org.springframework.context.annotation.DependsOn;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -23,6 +24,7 @@ import java.util.List;
 
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
@@ -78,6 +80,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .csrf().disable()
                 .authorizeRequests()
                 .antMatchers("/api/login/").permitAll()
+                .antMatchers("/api/admin/**").hasRole("ADMIN")
                 .anyRequest().authenticated()
                 .and()
                 .formLogin().permitAll()