diff --git a/backend/app/routes/users_routes.py b/backend/app/routes/users_routes.py
index 166ad11..d906ea1 100644
--- a/backend/app/routes/users_routes.py
+++ b/backend/app/routes/users_routes.py
@@ -13,7 +13,7 @@ from flask_jwt_extended import jwt_required
 class Users(Resource):
 @jwt_required()
- @role_required('admin', 'user')
+ @role_required('admin')
 def get(self):
 user_model = UserModel()
 users = user_model.list_users()
@@ -33,7 +33,7 @@ class User(Resource):
 self.user_model = UserModel()
 @jwt_required()
- @role_required('admin', 'user')
+ @role_required('admin')
 def get(self, user_id):
 if user := self.user_model.get_user_by_id(user_id):
@@ -47,11 +47,14 @@ class User(Resource):
 @user_ns.expect(update_user)
 @jwt_required()
- @role_required('admin', 'user')
+ @role_required('admin')
 def patch(self, user_id):
 data = request.get_json()
- validated = UpdateUserRequest(**data)
+ validated = UpdateUserRequest(**data)
+
+ if exist := self.user_model.find_by_email(validated.email):
+ return {"success": False, 'message': f'Email {exist["email"]} belong to another user'}, 400
 if not self.user_model.get_user_by_id(user_id):
 return {"success": False, 'message': 'User not found'}, 404
@@ -64,7 +67,7 @@ class User(Resource):
 @jwt_required()
- @role_required('admin', 'user')
+ @role_required('admin')
 def delete(self, user_id):
 if not self.user_model.get_user_by_id(user_id):
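Review bot: Dropping `'user'` from `@role_required` here and on `User.get`, `User.patch` and `User.delete` (the hunks at -33, -47 and -64) leaves no route in this file through which a non-admin can read or edit their own record. If self-service is still wanted, it needs an explicit ownership check rather than the old role list, for example comparing `get_jwt_identity()` (from `flask_jwt_extended`, not imported in the visible lines) with `user_id` before the lookup. Whether a separate profile endpoint already covers that is not visible from this diff. A short comment above the decorators such as `# admin-only: user_id is not checked against the caller's identity` would record why the role list is this narrow.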
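Review bot: The new `find_by_email` check in `patch` also matches the record being edited, so a PATCH that resubmits the user's current email alongside other changes gets the 400 "belong to another user" response. The guard should skip the target user, e.g. `if exist and str(exist["<id field>"]) != str(user_id):`, where `<id field>` stands for the model's id key, which this hunk does not show. If `email` is optional in `UpdateUserRequest` (not visible here), `find_by_email(None)` runs on every PATCH that omits it and should be guarded with `validated.email is not None`. The check also runs before the 404 lookup and is check-then-write, so a unique index on the email field is still needed for the constraint to hold under concurrent requests. `patch` continues past the end of the hunk.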