diff --git a/src/main/java/github/benjamin/equipreservebackend/controller/DeviceController.java b/src/main/java/github/benjamin/equipreservebackend/controller/DeviceController.java
index 41cfbc8..8382a88 100644
--- a/src/main/java/github/benjamin/equipreservebackend/controller/DeviceController.java
+++ b/src/main/java/github/benjamin/equipreservebackend/controller/DeviceController.java
@@ -30,7 +30,7 @@ public class DeviceController {
 
     private final ReservationService reservationService;
 
-    @PreAuthorize("hasRole('USER')")
+    @PreAuthorize("hasAnyRole('USER', 'LEADER', 'DEVICE_ADMIN')")
     @GetMapping
     public ResponseResult<Page<DeviceUserVO>> getUserDevices(@RequestParam(defaultValue = "1") Integer page,
                                                              @RequestParam(defaultValue = "10") Integer size,
@@ -40,7 +40,7 @@ public class DeviceController {
         return ResponseResult.success(res);
     }
 
-    @PreAuthorize("hasRole('USER')")
+    @PreAuthorize("hasAnyRole('USER', 'LEADER', 'DEVICE_ADMIN')")
     @GetMapping("/unavailable-times/{id}")
     public ResponseResult<List<TimeRangeVO>> getUnavailableTimes(@PathVariable Long id) {
         List<TimeRangeVO> res = reservationService.getUnavailableTimes(id);
diff --git a/src/main/java/github/benjamin/equipreservebackend/controller/ReservationController.java b/src/main/java/github/benjamin/equipreservebackend/controller/ReservationController.java
index dbdf9fe..eeefb2a 100644
--- a/src/main/java/github/benjamin/equipreservebackend/controller/ReservationController.java
+++ b/src/main/java/github/benjamin/equipreservebackend/controller/ReservationController.java
@@ -29,14 +29,14 @@ public class ReservationController {
 
     private final ReservationService reservationService;
 
-    @PreAuthorize("hasRole('USER')")
+    @PreAuthorize("hasAnyRole('USER', 'LEADER', 'DEVICE_ADMIN')")
     @PostMapping
     public ResponseResult<?> addReservation(@RequestBody Reservation reservation) {
         reservationService.addReservation(reservation);
         return ResponseResult.success();
     }
 
-    @PreAuthorize("hasRole('USER')")
+    @PreAuthorize("hasAnyRole('USER', 'LEADER', 'DEVICE_ADMIN')")
     @GetMapping("/{userId}")
     public ResponseResult<Page<UserReservationVO>> getUserReservation(@PathVariable("userId") Long userId,
                                                                       @RequestParam(defaultValue = "1") Integer page,