diff --git a/src/main/java/org/runimo/runimo/config/SecurityConfig.java b/src/main/java/org/runimo/runimo/config/SecurityConfig.java
index 3c28387..fc85d17 100644
--- a/src/main/java/org/runimo/runimo/config/SecurityConfig.java
+++ b/src/main/java/org/runimo/runimo/config/SecurityConfig.java
@@ -29,7 +29,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             )
             .authorizeHttpRequests(authorize -> authorize
                 .requestMatchers("/api/v1/auth/**").permitAll()
+                .requestMatchers("/api/v1/users/**").hasAnyRole("USER", "ADMIN")
                 .requestMatchers("/checker/**").permitAll()
+                .requestMatchers("/actuator/**").permitAll()
                 .requestMatchers(("/error")).permitAll()
                 .anyRequest().authenticated()
             )
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index d570837..fa6c959 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -97,6 +97,7 @@ management:
     web:
       exposure:
         include: health,info,prometheus
+        exclude: env,heapdump,threaddump
   prometheus:
     metrics:
       export: