diff --git a/backend/src/controllers/UserController.ts b/backend/src/controllers/UserController.ts
index 001d97b..55e9d99 100644
--- a/backend/src/controllers/UserController.ts
+++ b/backend/src/controllers/UserController.ts
@@ -68,7 +68,7 @@ export const update = async (
 req: Request,
 res: Response
 ): Promise => {
- if (req.user.profile !== "admin") {
+ if (req.user.profile !== "admin" && sessionUserId !== "user") {
 throw new AppError("ERR_NO_PERMISSION", 403);
 }
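Review bot: The added clause `sessionUserId !== "user"` compares something named as an id against the string "user", which reads like a profile value, and `sessionUserId` is not declared in the visible lines of `update` (the body continues outside the hunk). If it really holds an id, the clause is true for every caller and the guard behaves exactly as before; if it holds a profile, every caller whose profile is "user" gets past the 403 and can reach the update for any user record. If the intent is to let users edit their own record, the check should compare the session id with the id of the record being updated, e.g. `if (req.user.profile !== "admin" && sessionUserId !== targetUserId) {` (`targetUserId` is a placeholder for the route's user id). Once non-admins are let through, the fields they may change should also be limited so that `profile` cannot be set by the caller; whether the rest of `update` does that is not visible here.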