diff --git a/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java b/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
index 31261c2c45d87a76aece801bbfe5f79bba5f8b29..e5c3a4299a9aeb80b84b467e021bf24e847194d0 100644
--- a/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
+++ b/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
@@ -1,5 +1,6 @@
 package cz.muni.fi.pa165.report.server.config;
 
+import cz.muni.fi.pa165.user.client.Authorities;
 import cz.muni.fi.pa165.user.client.UserServiceInterceptionConfigurer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -21,8 +22,8 @@ public class AppConfig {
                         .requestMatchers("/v3/api-docs/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/").permitAll()
                         .requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
-                        // default
-                        .anyRequest().authenticated()
+                        // Manager has access to all reports
+                        .anyRequest().hasAuthority(Authorities.MANAGER)
                 )
                 .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
         return http.build();