diff --git a/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java b/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java
index cacf20954b0863f149c2bd2c529cacc9daef6ce5..fcf7f24bc9836e7c93818a412b5fef855229ebd9 100644
--- a/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java
+++ b/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java
@@ -55,8 +55,8 @@ public class SecurityConfiguration {
 
 		http.authorizeHttpRequests(requests -> requests
 				.requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
-				.requestMatchers("/api/configuration/settings").hasRole(UserRole.ADMIN_USER)
-				.requestMatchers("/api/configuration/settings/**").hasRole(UserRole.ADMIN_USER)
+				.requestMatchers("/api/configuration").hasRole(UserRole.ADMIN_USER)
+				.requestMatchers("/api/configuration/**").hasRole(UserRole.ADMIN_USER)
 				.requestMatchers("/api").authenticated()
 				.requestMatchers("/api/**").authenticated()
 				.requestMatchers("/actuator").permitAll()
diff --git a/src/test/java/de/ozgcloud/admin/security/SecurityConfigurationITCase.java b/src/test/java/de/ozgcloud/admin/security/SecurityConfigurationITCase.java
index c20d573b6f9804487bf8e26fc4433811f1798726..6e84b05448a56c7e6f80d399b74a9fdec349b98a 100644
--- a/src/test/java/de/ozgcloud/admin/security/SecurityConfigurationITCase.java
+++ b/src/test/java/de/ozgcloud/admin/security/SecurityConfigurationITCase.java
@@ -138,35 +138,33 @@ class SecurityConfigurationITCase {
 	@Nested
 	class TestWithAuthentication {
 
-		static final String CLAIMS = """
-				{
-				  "preferredUsername": "testUser",
-				  "scope": "openid testscope"
-				}""";
-
+		@Test
 		@SneakyThrows
-		@ParameterizedTest
-		@ValueSource(strings = {
-				"/api/environment",
-				"/configserver/name/profile",
-				"/api", "/api/configuration"
-		})
-		@WithJwt(CLAIMS)
-		void shouldAllow(String path) {
-			var result = doPerformAuthenticated(path);
+		@WithMockUser
+		void shouldAllowApiEndpoint() {
+			var result = doPerformAuthenticated("/api");
 
 			result.andExpect(status().isOk());
 		}
 
 		@Test
 		@SneakyThrows
-		@WithJwt(CLAIMS)
-		void shouldForbid() {
+		@WithMockUser
+		void shouldForbidSettingsEndpoint() {
 			var result = doPerformAuthenticated("/api/configuration/settings");
 
 			result.andExpect(status().isForbidden());
 		}
 
+		@Test
+		@SneakyThrows
+		@WithMockUser
+		void shouldForbidConfigurationsEndpoint() {
+			var result = doPerformAuthenticated("/api/configuration");
+
+			result.andExpect(status().isForbidden());
+		}
+
 		@SneakyThrows
 		private ResultActions doPerformAuthenticated(String path) {
 			return mockMvc.perform(get(path));
@@ -179,10 +177,19 @@ class SecurityConfigurationITCase {
 		@Test
 		@SneakyThrows
 		@WithMockUser(roles = UserRole.ADMIN_USER)
-		void shouldAllow() {
+		void shouldAllowSettings() {
 			var result = mockMvc.perform(get("/api/configuration/settings"));
 
 			result.andExpect(status().isOk());
 		}
+
+		@Test
+		@SneakyThrows
+		@WithMockUser(roles = UserRole.ADMIN_USER)
+		void shouldAllowConfiguration() {
+			var result = mockMvc.perform(get("/api/configuration"));
+
+			result.andExpect(status().isOk());
+		}
 	}
 }