diff --git a/internal/middleware/auth_middleware.go b/internal/middleware/auth_middleware.go
index bb8b814..ad42527 100644
--- a/internal/middleware/auth_middleware.go
+++ b/internal/middleware/auth_middleware.go
@@ -82,7 +82,11 @@ func (m *AuthMiddleware) RequireRole(allowedRoles ...string) gin.HandlerFunc {
 }
 
 func (m *AuthMiddleware) RequireAdminOrManager() gin.HandlerFunc {
- return m.RequireRole("superadmin", "admin", "manager")
+ return m.RequireRole("superadmin", "admin", "manager", "owner", "purchasing")
+}
+
+func (m *AuthMiddleware) RequireAdminOrManagerOrPurchasing() gin.HandlerFunc {
+ return m.RequireRole("superadmin", "admin", "manager", "owner", "purchasing")
 }
 
 func (m *AuthMiddleware) RequireAdmin() gin.HandlerFunc {
diff --git a/internal/router/router.go b/internal/router/router.go
index a8433ef..4f32980 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -356,7 +356,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 ingredients := protected.Group("/ingredients")
- ingredients.Use(r.authMiddleware.RequireAdminOrManager())
+ ingredients.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 ingredients.POST("", r.ingredientHandler.Create)
 ingredients.GET("", r.ingredientHandler.GetAll)
@@ -369,7 +369,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 vendors := protected.Group("/vendors")
- vendors.Use(r.authMiddleware.RequireAdminOrManager())
+ vendors.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 vendors.POST("", r.vendorHandler.CreateVendor)
 vendors.GET("", r.vendorHandler.ListVendors)
@@ -380,7 +380,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 purchaseOrders := protected.Group("/purchase-orders")
- purchaseOrders.Use(r.authMiddleware.RequireAdminOrManager())
+ purchaseOrders.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 purchaseOrders.POST("", r.purchaseOrderHandler.CreatePurchaseOrder)
 purchaseOrders.GET("", r.purchaseOrderHandler.ListPurchaseOrders)
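Review bot: The edit to the existing `RequireAdminOrManager()` adds "owner" and "purchasing" to its role list, so every route still guarded by that helper now admits the purchasing role, not only the six groups this commit moves to the new helper. After the change both helpers pass the same five roles to `RequireRole`, which makes `RequireAdminOrManagerOrPurchasing()` redundant and the old name misleading about what it enforces. If the intent is to open only the purchasing-related groups, keep the old helper at `return m.RequireRole("superadmin", "admin", "manager")` (adding "owner" there only if that is meant to apply everywhere) and leave "purchasing" to the new helper alone. A middleware test asserting that a purchasing-role request is rejected on a route still using `RequireAdminOrManager()` would pin the boundary.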
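Review bot: Swapping the group-level `ingredients.Use(...)` gives the purchasing role every route registered in the group, including the `POST` create handlers visible here and whatever update or delete routes are registered past the end of the hunk; the same applies to the `/vendors`, `/purchase-orders`, `/purchase-categories`, `/unit-converters` and `/expenses` hunks. For `/expenses` in particular it is worth confirming that purchasing users are meant to create expenses and list all of them, since that group is not obviously procurement data. If write access should stay narrower, keep the group-level check and add a stricter one on the individual route, e.g. `expenses.POST("", r.authMiddleware.RequireRole("superadmin", "admin", "manager"), r.expenseHandler.CreateExpense)`. `addAppRoutes` starts and ends outside these hunks, so the full route list per group is not visible here.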
@@ -393,7 +393,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 purchaseCategories := protected.Group("/purchase-categories")
- purchaseCategories.Use(r.authMiddleware.RequireAdminOrManager())
+ purchaseCategories.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 purchaseCategories.POST("", r.purchaseCategoryHandler.CreatePurchaseCategory)
 purchaseCategories.GET("", r.purchaseCategoryHandler.ListPurchaseCategories)
@@ -403,7 +403,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 unitConverters := protected.Group("/unit-converters")
- unitConverters.Use(r.authMiddleware.RequireAdminOrManager())
+ unitConverters.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 unitConverters.POST("", r.unitConverterHandler.CreateIngredientUnitConverter)
 unitConverters.GET("", r.unitConverterHandler.ListIngredientUnitConverters)
@@ -465,7 +465,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 }
 
 expenses := protected.Group("/expenses")
- expenses.Use(r.authMiddleware.RequireAdminOrManager())
+ expenses.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 {
 expenses.POST("", r.expenseHandler.CreateExpense)
 expenses.GET("", r.expenseHandler.ListExpenses)