diff --git a/game_collection/user_management.py b/game_collection/user_management.py
index e00cf13..44e861e 100644
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@@ -36,6 +36,8 @@ def before_request():
 @user_bp.route('/users', methods=['POST'])
 def create_user():
+ if not authenticate() or g.user.role != 'admin':
+ return jsonify({'message': 'Unauthorized access! Only admins can create users.'}), 401
 data = request.json
 hashed_password = generate_password_hash(data['password'])
 new_user = User(
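Review bot: The new guard at the top of create_user answers 401 for two different failures: a request that fails authenticate(), and an authenticated caller whose role is not 'admin'. Clients and access logs can then no longer tell a missing or invalid credential from a privilege problem. Keep the 401 for the first case and return 403 for the second, e.g. `if g.user.role != 'admin': return jsonify({'message': 'Only admins can create users.'}), 403`. The check also presumes authenticate() always leaves a user object with a `role` attribute on `g.user` when it returns truthy, which is not visible in this hunk and is worth confirming. The body of create_user continues past the hunk, so whether the new user's role is taken from the request body cannot be judged from here.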