diff --git a/user-management/api/routes/consumableItemRoutes.js b/user-management/api/routes/consumableItemRoutes.js
index dec6449..deaa658 100644
--- a/user-management/api/routes/consumableItemRoutes.js
+++ b/user-management/api/routes/consumableItemRoutes.js
@@ -1,6 +1,9 @@
 const express = require('express');
 const router = express.Router();
-const { requireAuth, requireAdmin } = require('../middleware/auth');
+const { requireAuth } = require('../middleware/auth');
+const { createRequirePage } = require('../../../shared/middleware/pagePermission');
+const { getPool } = require('../../shared/config/database');
+const requirePage = createRequirePage(getPool);
 const ctrl = require('../controllers/consumableItemController');
 const { consumableUpload } = require('../middleware/upload');
 
@@ -8,8 +11,8 @@ router.use(requireAuth);
 
 router.get('/', ctrl.list);
 router.get('/:id', ctrl.getById);
-router.post('/', requireAdmin, consumableUpload.single('photo'), ctrl.create);
-router.put('/:id', requireAdmin, consumableUpload.single('photo'), ctrl.update);
-router.delete('/:id', requireAdmin, ctrl.deactivate);
+router.post('/', requirePage('tkuser.consumables'), consumableUpload.single('photo'), ctrl.create);
+router.put('/:id', requirePage('tkuser.consumables'), consumableUpload.single('photo'), ctrl.update);
+router.delete('/:id', requirePage('tkuser.consumables'), ctrl.deactivate);
 
 module.exports = router;
diff --git a/user-management/api/routes/equipmentRoutes.js b/user-management/api/routes/equipmentRoutes.js
index 0eab077..393863f 100644
--- a/user-management/api/routes/equipmentRoutes.js
+++ b/user-management/api/routes/equipmentRoutes.js
@@ -5,7 +5,10 @@
 const express = require('express');
 const router = express.Router();
 const equipmentController = require('../controllers/equipmentController');
-const { requireAuth, requireAdmin } = require('../middleware/auth');
+const { requireAuth } = require('../middleware/auth');
+const { createRequirePage } = require('../../../shared/middleware/pagePermission');
+const { getPool } = require('../../shared/config/database');
+const requirePage = createRequirePage(getPool);
 const upload = require('../middleware/upload');
 
 // 고정 경로를 /:id 보다 먼저 등록
@@ -13,20 +16,20 @@ router.get('/types', requireAuth, equipmentController.getTypes);
 router.get('/next-code', requireAuth, equipmentController.getNextCode);
 router.get('/workplace/:workplaceId', requireAuth, equipmentController.getByWorkplace);
 // 사진 삭제 (photo_id만으로)
-router.delete('/photos/:photoId', requireAdmin, equipmentController.deletePhoto);
+router.delete('/photos/:photoId', requirePage('tkuser.equipments'), equipmentController.deletePhoto);
 
 // 기본 CRUD
 router.get('/', requireAuth, equipmentController.getAll);
 router.get('/:id', requireAuth, equipmentController.getById);
-router.post('/', requireAdmin, equipmentController.create);
-router.put('/:id', requireAdmin, equipmentController.update);
-router.delete('/:id', requireAdmin, equipmentController.remove);
+router.post('/', requirePage('tkuser.equipments'), equipmentController.create);
+router.put('/:id', requirePage('tkuser.equipments'), equipmentController.update);
+router.delete('/:id', requirePage('tkuser.equipments'), equipmentController.remove);
 
 // 지도 위치
-router.patch('/:id/map-position', requireAdmin, equipmentController.updateMapPosition);
+router.patch('/:id/map-position', requirePage('tkuser.equipments'), equipmentController.updateMapPosition);
 
 // 사진
-router.post('/:id/photos', requireAdmin, upload.single('photo'), equipmentController.addPhoto);
+router.post('/:id/photos', requirePage('tkuser.equipments'), upload.single('photo'), equipmentController.addPhoto);
 router.get('/:id/photos', requireAuth, equipmentController.getPhotos);
 
 module.exports = router;
diff --git a/user-management/api/routes/partnerRoutes.js b/user-management/api/routes/partnerRoutes.js
index d86d04b..6e4f514 100644
--- a/user-management/api/routes/partnerRoutes.js
+++ b/user-management/api/routes/partnerRoutes.js
@@ -1,14 +1,17 @@
 const express = require('express');
 const router = express.Router();
-const { requireAuth, requireAdmin, requireAdminOrPermission } = require('../middleware/auth');
+const { requireAuth } = require('../middleware/auth');
+const { createRequirePage } = require('../../../shared/middleware/pagePermission');
+const { getPool } = require('../../shared/config/database');
+const requirePage = createRequirePage(getPool);
 const ctrl = require('../controllers/partnerController');
-const partnerPerm = requireAdminOrPermission('tkuser.partners');
+const partnerPerm = requirePage('tkuser.partners');
 
 router.use(requireAuth);
 
 router.get('/', ctrl.list);
-router.get('/:id/delete-info', requireAdmin, ctrl.getDeleteInfo);
-router.delete('/:id/permanent', requireAdmin, ctrl.permanentDelete);
+router.get('/:id/delete-info', requirePage('tkuser.partners'), ctrl.getDeleteInfo);
+router.delete('/:id/permanent', requirePage('tkuser.partners'), ctrl.permanentDelete);
 router.get('/:id', ctrl.getById);
 router.post('/', partnerPerm, ctrl.create);
 router.put('/:id', partnerPerm, ctrl.update);
diff --git a/user-management/api/routes/vendorRoutes.js b/user-management/api/routes/vendorRoutes.js
index 31e0877..dc0b5ae 100644
--- a/user-management/api/routes/vendorRoutes.js
+++ b/user-management/api/routes/vendorRoutes.js
@@ -1,14 +1,17 @@
 const express = require('express');
 const router = express.Router();
-const { requireAuth, requireAdmin } = require('../middleware/auth');
+const { requireAuth } = require('../middleware/auth');
+const { createRequirePage } = require('../../../shared/middleware/pagePermission');
+const { getPool } = require('../../shared/config/database');
+const requirePage = createRequirePage(getPool);
 const ctrl = require('../controllers/vendorController');
 
 router.use(requireAuth);
 
 router.get('/', ctrl.list);
 router.get('/:id', ctrl.getById);
-router.post('/', requireAdmin, ctrl.create);
-router.put('/:id', requireAdmin, ctrl.update);
-router.delete('/:id', requireAdmin, ctrl.deactivate);
+router.post('/', requirePage('tkuser.vendors'), ctrl.create);
+router.put('/:id', requirePage('tkuser.vendors'), ctrl.update);
+router.delete('/:id', requirePage('tkuser.vendors'), ctrl.deactivate);
 
 module.exports = router;