Index: ChapterX.API/Controllers/UsersController.cs
===================================================================
--- ChapterX.API/Controllers/UsersController.cs	(revision 7fbb91c66b46c3063caa934a83d6d0681406c83c)
+++ ChapterX.API/Controllers/UsersController.cs	(revision b373fea3e2c9d404606002f8e7ba265a82d68187)
@@ -5,4 +5,6 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 
 namespace ChapterX.API.Controllers
@@ -67,4 +69,9 @@
             }
 
+            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+            var isAdmin = User.IsInRole("Admin");
+            if (callerId != id && !isAdmin)
+                return Forbid();
+
             var response = await _mediator.Send(request);
             return Ok(response);
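Review bot: The added `int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!)` throws when the `sub` claim is missing or not numeric, so such a token produces an unhandled exception instead of a clean 401/403; the same line is repeated in the delete hunk below. With the JWT bearer handler's default inbound claim mapping, `sub` is usually exposed as `ClaimTypes.NameIdentifier`, so unless that mapping is disabled elsewhere in the project (not visible here) this lookup may return null for every caller. I would replace the parse with `if (!int.TryParse(User.FindFirstValue(JwtRegisteredClaimNames.Sub), out var callerId)) return Forbid();` and keep the ownership comparison as written. Also confirm that the code above the hunk rejects a `request` whose id differs from the route `id`, because the new check covers only the route value while `_mediator.Send(request)` acts on the body. The enclosing action starts and ends outside the hunk.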
@@ -76,4 +83,9 @@
         {
             _logger.LogInformation("Deleting user with ID: {UserId}", id);
+            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+            var isAdmin = User.IsInRole("Admin");
+            if (callerId != id && !isAdmin)
+                return Forbid();
+
             var response = await _mediator.Send(new DeleteRequest(id));
             return Ok(response);
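Review bot: The "Deleting user with ID" log line runs before the new authorization check, so a refused call is recorded as a deletion in progress and the refusal itself leaves no audit trace. Move the `LogInformation` call below the check and record the denial before `return Forbid();`, for example `_logger.LogWarning("Delete of user {UserId} denied for caller {CallerId}", id, callerId);`. The five added lines duplicate the check in the previous hunk; a private helper on the controller would keep the two from drifting apart. The action's signature and closing brace are outside the hunk.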
