diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
index 7d4b2d8e..b29a8e94 100644
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@@ -182,7 +182,8 @@ class SecurityConfig {
 builder.pattern("/api/v1/instance/**"),
 builder.pattern("/.well-known/**"),
 builder.pattern("/error"),
- builder.pattern("/nodeinfo/2.0")
+ builder.pattern("/nodeinfo/2.0"),
+ builder.pattern("/api/v1/accounts")
 ).permitAll()
 it.requestMatchers(
 builder.pattern("/auth/**")
@@ -192,7 +193,9 @@ class SecurityConfig {
 .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
 it.requestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/media"))
 .hasAnyAuthority("SCOPE_write", "SCOPE_write:media")
- it.anyRequest().permitAll()
+ it.requestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/statuses"))
+ .hasAnyAuthority("SCOPE_write", "SCOPE_write:statuses")
+ it.anyRequest().authenticated()
 }
 http.oauth2ResourceServer {
 it.jwt(Customizer.withDefaults())
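Review bot: The new `builder.pattern("/api/v1/accounts")` entry in the `permitAll()` list carries no HTTP method, so every verb on that path skips authentication, not only the one the commit presumably needs (account registration via POST; inferred, the handler is not visible here). Scoping it as `builder.pattern(HttpMethod.POST, "/api/v1/accounts")` would leave other methods on that path under the scope rules and the `authenticated()` fallback added further down. Because the endpoint is then reachable anonymously, the registration handler should carry its own abuse controls such as rate limiting or an invite/captcha check, which this file cannot show. The `requestMatchers` call starts outside the hunk.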
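Review bot: The fallback `it.anyRequest().authenticated()` accepts any valid JWT regardless of scope, so a token issued with only `SCOPE_read` can still reach every route that has no explicit rule. In the visible rules only `POST /api/v1/media` and the exact path `POST /api/v1/statuses` are gated on write scopes; other mutating methods or sub-paths (for example DELETE or PUT under `/api/v1/statuses/**`, if such handlers exist) would need their own `hasAnyAuthority` line. Consider adding those rules, or ending the chain with `it.anyRequest().denyAll()` so a route that was forgotten fails closed instead of being open to any token. The authorization block starts outside the hunk.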