diff --git a/tkpurchase/api/routes/scheduleRoutes.js b/tkpurchase/api/routes/scheduleRoutes.js
index 51a4dd6..0ced758 100644
--- a/tkpurchase/api/routes/scheduleRoutes.js
+++ b/tkpurchase/api/routes/scheduleRoutes.js
@@ -14,6 +14,6 @@ router.put('/:id', requirePage('purchasing_schedule'), ctrl.update);
 router.put('/:id/status', requirePage('purchasing_schedule'), ctrl.updateStatus);
 router.put('/:id/approve', requirePage('purchasing_schedule'), ctrl.approveRequest);
 router.put('/:id/reject', requirePage('purchasing_schedule'), ctrl.rejectRequest);
-router.delete('/:id', requireAdmin, ctrl.deleteSchedule);
+router.delete('/:id', requirePage('purchasing_schedule'), ctrl.deleteSchedule);
 module.exports = router;
diff --git a/tksafety/api/routes/checklistRoutes.js b/tksafety/api/routes/checklistRoutes.js
index f32cbc6..1161061 100644
--- a/tksafety/api/routes/checklistRoutes.js
+++ b/tksafety/api/routes/checklistRoutes.js
@@ -1,7 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const checklistController = require('../controllers/checklistController');
-const { requireAuth, requireAdmin } = require('../middleware/auth');
+const { requireAuth, requirePage } = require('../middleware/auth');
 router.use(requireAuth);
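Review bot: The `router.delete('/:id', …)` route in scheduleRoutes.js is now reachable by every holder of `purchasing_schedule`, the same permission that already gates update, approve and reject, so deletion no longer has a stricter gate than editing. Nothing in the hunk shows a compensating check; if `ctrl.deleteSchedule` (not visible here) does not restrict deletion by owner or by request status, an already approved schedule could be removed by any page user. I would state the intent on the route, e.g. `// delete is page-gated; ctrl.deleteSchedule must enforce owner/status and record who deleted`, and confirm the controller does so. The same widening applies to the create, update and delete routes in the checklistRoutes.js `@@ -11,8` hunk. If `requireAdmin` is still destructured at the top of scheduleRoutes.js, it is presumably unused now and can be dropped.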
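Review bot: Dropping `requireAdmin` from the destructured import in checklistRoutes.js is only safe if no route outside the two hunks still references it; a leftover reference would throw a ReferenceError when the router module is loaded. Lines 8–10 of this file are not shown, and the same import change is made in riskRoutes.js and visitRequestRoutes.js, where larger stretches between the hunks are not visible. A search for `requireAdmin` across the three files before merging would settle it.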
@@ -11,8 +11,8 @@ router.get('/weather-conditions', checklistController.getWeatherConditions);
 router.get('/work-types', checklistController.getWorkTypes);
 router.get('/tasks/:workTypeId', checklistController.getTasksByWorkType);
 router.get('/:id', checklistController.getCheckById);
-router.post('/', requireAdmin, checklistController.createCheck);
-router.put('/:id', requireAdmin, checklistController.updateCheck);
-router.delete('/:id', requireAdmin, checklistController.deleteCheck);
+router.post('/', requirePage('safety_checklist'), checklistController.createCheck);
+router.put('/:id', requirePage('safety_checklist'), checklistController.updateCheck);
+router.delete('/:id', requirePage('safety_checklist'), checklistController.deleteCheck);
 module.exports = router;
diff --git a/tksafety/api/routes/riskRoutes.js b/tksafety/api/routes/riskRoutes.js
index 2caa0a4..4f7f343 100644
--- a/tksafety/api/routes/riskRoutes.js
+++ b/tksafety/api/routes/riskRoutes.js
@@ -4,7 +4,7 @@ const multer = require('multer');
 const path = require('path');
 const fs = require('fs');
 const riskController = require('../controllers/riskController');
-const { requireAuth, requireAdmin } = require('../middleware/auth');
+const { requireAuth, requirePage } = require('../middleware/auth');
 // 업로드 디렉토리 (multer destination에서 lazy 생성)
 const uploadDir = path.join(__dirname, '..', 'uploads', 'risk');
@@ -40,7 +40,7 @@ router.get('/projects', riskController.getAllProjects);
 router.post('/projects', riskController.createProject);
 router.get('/projects/:id', riskController.getProjectById);
 router.patch('/projects/:id', riskController.updateProject);
-router.delete('/projects/:id', requireAdmin, riskController.deleteProject);
+router.delete('/projects/:id', requirePage('safety_risk_assessment'), riskController.deleteProject);
 // 세부 공정 추가 (수시 평가용)
 router.post('/projects/:id/processes', riskController.addProcess);
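Review bot: Only the delete route gets `requirePage('safety_risk_assessment')` in the riskRoutes.js `@@ -40,7` hunk; the neighbouring `router.post('/projects', …)`, `router.patch('/projects/:id', …)` and `router.post('/projects/:id/processes', …)` carry no page check, so creating and editing a risk project is gated more loosely than deleting one. Unless a router-level guard exists outside the hunk, I would add the same middleware to each mutating route, e.g. `router.patch('/projects/:id', requirePage('safety_risk_assessment'), riskController.updateProject);`. Alternatively, if reads should be page-gated as well, apply it once with `router.use(requirePage('safety_risk_assessment'));` after the auth middleware. The `@@ -51,7` hunk has the same shape for `/processes/:processId/items` and `/items/:itemId`.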
@@ -51,7 +51,7 @@ router.get('/projects/:id/export', riskController.exportExcel);
 // 평가 항목 CRUD
 router.post('/processes/:processId/items', riskController.createItem);
 router.patch('/items/:itemId', riskController.updateItem);
-router.delete('/items/:itemId', requireAdmin, riskController.deleteItem);
+router.delete('/items/:itemId', requirePage('safety_risk_assessment'), riskController.deleteItem);
 // 감소대책 CRUD
 router.get('/projects/:id/mitigations', riskController.getMitigations);
diff --git a/tksafety/api/routes/visitRequestRoutes.js b/tksafety/api/routes/visitRequestRoutes.js
index f70fa6d..9067991 100644
--- a/tksafety/api/routes/visitRequestRoutes.js
+++ b/tksafety/api/routes/visitRequestRoutes.js
@@ -1,7 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const visitRequestController = require('../controllers/visitRequestController');
-const { requireAuth, requireAdmin, requirePage } = require('../middleware/auth');
+const { requireAuth, requirePage } = require('../middleware/auth');
 router.use(requireAuth);
@@ -11,8 +11,8 @@ router.get('/requests', visitRequestController.getAllVisitRequests);
 router.get('/requests/:id', visitRequestController.getVisitRequestById);
 router.put('/requests/:id', requirePage('safety_visit_request'), visitRequestController.updateVisitRequest);
 router.delete('/requests/:id', requirePage('safety_visit_request'), visitRequestController.deleteVisitRequest);
-router.put('/requests/:id/approve', requireAdmin, visitRequestController.approveVisitRequest);
-router.put('/requests/:id/reject', requireAdmin, visitRequestController.rejectVisitRequest);
+router.put('/requests/:id/approve', requirePage('safety_visit_management'), visitRequestController.approveVisitRequest);
+router.put('/requests/:id/reject', requirePage('safety_visit_management'), visitRequestController.rejectVisitRequest);
 // Check-in / Check-out
 router.put('/requests/:id/check-in', visitRequestController.checkIn);
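Review bot: With approve and reject in the visitRequestRoutes.js `@@ -11,8` hunk moved from `requireAdmin` to `requirePage('safety_visit_management')`, nothing visible prevents a user who holds both `safety_visit_request` and `safety_visit_management` from approving a request they submitted themselves. The controller is not part of this diff, so this may already be handled; if not, `approveVisitRequest` and `rejectVisitRequest` should compare the acting user with the requester and refuse a match. Separately, `router.put('/requests/:id/check-in', …)` just below has no page check at all, which deserves a comment if it is intentional, e.g. `// check-in/out: any authenticated user, by design`.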
@@ -32,16 +32,16 @@ router.get('/departments', visitRequestController.getDepartments);
 // Visit purposes
 router.get('/purposes', visitRequestController.getAllVisitPurposes);
 router.get('/purposes/active', visitRequestController.getActiveVisitPurposes);
-router.post('/purposes', requireAdmin, visitRequestController.createVisitPurpose);
-router.put('/purposes/:id', requireAdmin, visitRequestController.updateVisitPurpose);
-router.delete('/purposes/:id', requireAdmin, visitRequestController.deleteVisitPurpose);
+router.post('/purposes', requirePage('safety_visit_management'), visitRequestController.createVisitPurpose);
+router.put('/purposes/:id', requirePage('safety_visit_management'), visitRequestController.updateVisitPurpose);
+router.delete('/purposes/:id', requirePage('safety_visit_management'), visitRequestController.deleteVisitPurpose);
 // Training records
-router.post('/training', requireAdmin, visitRequestController.createTrainingRecord);
+router.post('/training', requirePage('safety_visit_management'), visitRequestController.createTrainingRecord);
 router.get('/training', visitRequestController.getTrainingRecords);
 router.get('/training/request/:requestId', visitRequestController.getTrainingRecordByRequestId);
-router.put('/training/:id', requireAdmin, visitRequestController.updateTrainingRecord);
-router.delete('/training/:id', requireAdmin, visitRequestController.deleteTrainingRecord);
-router.post('/training/:id/complete', requireAdmin, visitRequestController.completeTraining);
+router.put('/training/:id', requirePage('safety_visit_management'), visitRequestController.updateTrainingRecord);
+router.delete('/training/:id', requirePage('safety_visit_management'), visitRequestController.deleteTrainingRecord);
+router.post('/training/:id/complete', requirePage('safety_visit_management'), visitRequestController.completeTraining);
 module.exports = router;
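Review bot: The literal `'safety_visit_management'` is now repeated on nine routes (seven in this hunk, two in the `@@ -11,8` hunk), so one mistyped key would change who can reach a route, and whether `requirePage` rejects or ignores an unknown key is not visible here. Binding it once, `const requireVisitMgmt = requirePage('safety_visit_management');`, and passing `requireVisitMgmt` to each route removes that risk and makes the permission map easier to audit. The training routes also deserve a short comment stating that record creation, edit, deletion and completion are all granted by the same page permission, since these were admin-only before.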