diff --git a/app/api/csp-metrics/route.ts b/app/api/csp-metrics/route.ts
index 34fbba1..057786f 100644
--- a/app/api/csp-metrics/route.ts
+++ b/app/api/csp-metrics/route.ts
@@ -9,9 +9,17 @@ export async function GET(request: NextRequest) {
   // Authentication check for security metrics endpoint
   const session = await getServerSession(authOptions);
-  if (!session?.user || !session.user.isPlatformUser) {
+  if (!session?.user) {
     return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   }
+
+  // Check for ADMIN role as CSP metrics contain sensitive security data
+  if (session.user.role !== "ADMIN") {
+    return NextResponse.json(
+      { error: "Forbidden - Admin access required" },
+      { status: 403 }
+    );
+  }
 
   // Rate limiting for metrics endpoint
   const ip = extractClientIP(request);
   const rateLimitResult = await rateLimiter.check(
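Review bot: The new role gate drops the `isPlatformUser` condition that the removed line enforced, so any session whose `role` is `"ADMIN"` now passes regardless of whether it is a platform user; if `role` can be scoped to a tenant or organisation rather than the platform, this widens access to the CSP metrics instead of narrowing it. Unless the old flag is known to be redundant with the role, keep both checks in the added block: `if (!session.user.isPlatformUser || session.user.role !== "ADMIN") {`. The comparison against the bare string `"ADMIN"` also silently diverges if the role is typed as a union or enum elsewhere in the project; a typed constant would let the compiler catch a mismatch. The enclosing `GET` handler starts before the hunk and continues past it, so the rate-limit call that follows the new check is only partly visible here.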