diff --git a/backend/src/controllers/UserController.ts b/backend/src/controllers/UserController.ts
index 06d329d..89698da 100644
--- a/backend/src/controllers/UserController.ts
+++ b/backend/src/controllers/UserController.ts
@@ -67,7 +67,7 @@ export const update = async (
 req: Request,
 res: Response
 ): Promise => {
- if (req.user.profile !== "admin") {
+ if (req.user.profile !== "admin" && sessionUserId !== "user") {
 throw new AppError("ERR_NO_PERMISSION", 403);
 }
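Review bot: The added clause `sessionUserId !== "user"` in the permission guard of `update` compares what its name suggests is a user id with the literal profile name "user", so the condition probably does not express the intended authorization rule. `sessionUserId` is not declared in the visible lines and the function body continues outside the hunk, so this is inferred from the name. If it holds an id, the clause is effectively always true and the guard behaves as before; if the intent was to admit the "user" profile, any such account could update another user's record. To let a non-admin edit only their own account, compare the session id with the id of the record being updated, e.g. `if (req.user.profile !== "admin" && sessionUserId !== targetUserId) {`, where `targetUserId` is a placeholder for the target id, which is not visible here. The handler should also ignore a profile/role field submitted by a non-admin, so that self-service edits cannot raise privileges.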