diff --git a/BACKEND/Modules/Admin/app/Http/Controllers/ProfileController.php b/BACKEND/Modules/Admin/app/Http/Controllers/ProfileController.php
index af0ddbf..b5619e5 100644
--- a/BACKEND/Modules/Admin/app/Http/Controllers/ProfileController.php
+++ b/BACKEND/Modules/Admin/app/Http/Controllers/ProfileController.php
@@ -52,7 +52,7 @@ class ProfileController extends Controller
                             return [
                                 'criteria' => $criteria->name,
                                 'note' => $userCriteria->note ?? '',
-                                'createdBy' => auth('admins')->user()->name ?? '', // Lấy tên user từ auth
+                                'createdBy' => $userCriteria->created_by ?? '', // Lấy tên user từ auth
                                 'point' => $userCriteria->point ?? '',
                             ];
                         })
diff --git a/BACKEND/Modules/Admin/routes/api.php b/BACKEND/Modules/Admin/routes/api.php
index 706204f..b6382a7 100755
--- a/BACKEND/Modules/Admin/routes/api.php
+++ b/BACKEND/Modules/Admin/routes/api.php
@@ -161,8 +161,8 @@ Route::middleware('api')
                 'prefix' => 'criterias',
             ], function () {
                 Route::get('/sprints/{sprintId}', [CriteriasController::class, 'getCriteriasForSprint'])->middleware('check.permission:admin');
-                Route::get('/users/{userId}', [CriteriasController::class, 'getCriteriasForUser'])->middleware('check.permission:admin');
-                Route::get('/users/{userId}/sprints/{sprintId}', [CriteriasController::class, 'getCriteriasForUserBySprint'])->middleware('check.permission:admin');
+                // Route::get('/users/{userId}', [CriteriasController::class, 'getCriteriasForUser'])->middleware('check.permission:admin');
+                // Route::get('/users/{userId}/sprints/{sprintId}', [CriteriasController::class, 'getCriteriasForUserBySprint'])->middleware('check.permission:admin');
                 Route::get('/getAll', [CriteriasController::class, 'getAllCriterias'])->middleware('check.permission:admin');
                 Route::post('/sprints/{sprintId}', [CriteriasController::class, 'updateCriteriasForSprint'])->middleware('check.permission:admin');
 
@@ -170,8 +170,8 @@ Route::middleware('api')
                 Route::post('/test-cases/{sprintId}', [TestCaseForSprintController::class, 'createTestReport'])->middleware('check.permission:admin,tester');
                 Route::get('/test-cases/delete', [TestCaseForSprintController::class, 'deleteTestReport'])->middleware('check.permission:admin,tester');
 
-                Route::get('/profiles-data', [ProfileController::class, 'getProfilesData']);
-
+                Route::get('/profiles-data', [ProfileController::class, 'getProfilesData'])->middleware('check.permission:admin.hr.staff.tester');
+                Route::post('/profiles-data/update', [ProfileController::class, 'updateProfilesData'])->middleware('check.permission:admin.hr.staff.tester');
             });
         });
     });
diff --git a/FRONTEND/src/routes/main.tsx b/FRONTEND/src/routes/main.tsx
index b4497a9..b980915 100755
--- a/FRONTEND/src/routes/main.tsx
+++ b/FRONTEND/src/routes/main.tsx
@@ -193,7 +193,7 @@ const mainRoutes = [
   {
     path: '/profile',
     element: (
-      <ProtectedRoute mode="route" permission="staff,admin,hr">
+      <ProtectedRoute mode="route" permission="staff,admin,hr,tester">
         <BasePage
           main={
             <>