diff --git a/src/main/java/com/bamboo/log/common/config/SecurityConfig.java b/src/main/java/com/bamboo/log/common/config/SecurityConfig.java
index f36c518..d40a6fe 100644
--- a/src/main/java/com/bamboo/log/common/config/SecurityConfig.java
+++ b/src/main/java/com/bamboo/log/common/config/SecurityConfig.java
@@ -52,6 +52,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .requestMatchers("/refresh").permitAll()
                 .requestMatchers("/logout").hasAnyRole("USER")
                 .requestMatchers("/swagger-ui/**","/v3/api-docs/**","/swagger-resources/**","/webjars/**").permitAll()
+                .requestMatchers("/api/images/**").hasAnyRole("USER")
                 .anyRequest().authenticated());
 
 
diff --git a/src/main/java/com/bamboo/log/domain/user/oauth/dto/CustomOAuth2User.java b/src/main/java/com/bamboo/log/domain/user/oauth/dto/CustomOAuth2User.java
index 3e33b94..dcabe8e 100644
--- a/src/main/java/com/bamboo/log/domain/user/oauth/dto/CustomOAuth2User.java
+++ b/src/main/java/com/bamboo/log/domain/user/oauth/dto/CustomOAuth2User.java
@@ -45,4 +45,8 @@ public String getName() {
     public String getUsername() {
         return userDTO.getUsername();
     }
+
+    public String userId(){
+        return userDTO.getId
+    }
 }
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 746ba36..17527e6 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,3 +1,5 @@
+# application.yml
+
 spring:
   datasource:
     url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_NAME}
@@ -11,7 +13,6 @@ spring:
       ddl-auto: update
     properties:
       hibernate.dialect: org.hibernate.dialect.MySQL8Dialect
-
   security:
     oauth2:
       client:
@@ -32,7 +33,6 @@ spring:
             user-name-attribute: ${SECURITY_OAUTH2_PROVIDER_KAKAO_USER_NAME_ATTRIBUTE}
   jwt:
     secret: ${JWT_SECRET}
-
 elice:
   api:
     token: ${API_TOKEN}