diff --git a/middleware/verifyAccess.js b/middleware/verifyAccess.js
index e62fee0..e260a83 100644
--- a/middleware/verifyAccess.js
+++ b/middleware/verifyAccess.js
@@ -1,6 +1,10 @@
 const { ErrorHandler } = require("../helpers/error");
 const { getUserByIdDb } = require("../db/user.db");
+function isPhoneNumberID(phone) {
+  return /^(?:\+62|62|0)8[1-9][0-9]{6,10}$/.test(phone);
+}
+
 const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
   return async (req, res, next) => {
     try {
@@ -11,21 +15,30 @@ const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
       // Super Admin bypass semua
       if (user.is_sa) return next();
-      const fullUser = await getUserByIdDb(user.user_id);
-      if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
+      if (!isPhoneNumberID(user.user_id)) {
+        const fullUser = await getUserByIdDb(user.user_id);
+        if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
-      if (!fullUser.is_approve) {
-        if (req.method !== "GET") {
-          throw new ErrorHandler(403, "Account not approved — read-only access");
+        if (!fullUser.is_approve) {
+          if (req.method !== "GET") {
+            throw new ErrorHandler(403, "Account not approved — read-only access");
+          }
+
+          if (allowUnapprovedReadOnly) return next();
+
+          throw new ErrorHandler(403, "Account not approved");
         }
-        if (allowUnapprovedReadOnly) return next();
+        if (!fullUser.role_level || fullUser.role_level < minLevel) {
+          throw new ErrorHandler(403, "Forbidden: Insufficient role level");
+        }
+      } else {
+        if (req.method !== 'GET' && req.baseUrl !== '/api/notification-log') {
+          if (req.baseUrl !== '/api/notification') {
+            throw new ErrorHandler(403, "Forbidden: Insufficient Access");
+          }
+        }
-        throw new ErrorHandler(403, "Account not approved");
-      }
-
-      if (!fullUser.role_level || fullUser.role_level < minLevel) {
-        throw new ErrorHandler(403, "Forbidden: Insufficient role level");
       }
       next();
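Review bot: `isPhoneNumberID` carries no documentation although its result is what decides whether verifyAccess skips the database lookup, the approval check and the role-level check, so its contract should be written down above the declaration: `/** True when the value looks like a mobile number with a +62/62/0 prefix followed by 8, a digit 1-9 and 6-10 more digits. A truthy result switches verifyAccess to the phone-number branch, which performs no DB lookup. */`. `RegExp.test` coerces whatever it receives, so if `user.user_id` is ever a number or undefined the predicate still runs on its string form; `return typeof phone === "string" && /^(?:\+62|62|0)8[1-9][0-9]{6,10}$/.test(phone);` makes the string-only intent explicit. How user_id is populated is not visible in this hunk.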
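Review bot: In the new `else` branch (the phone-number-ID path) neither `minLevel` nor `allowUnapprovedReadOnly` is consulted and no lookup confirms the account exists or is approved, so a token whose user_id matches the phone pattern is granted every GET on every route that uses this middleware, whatever level the route asked for — `verifyAccess(3)` behaves like `verifyAccess()` for such callers. If that is intended it needs a comment, e.g. `// Phone-number identities have no users row: read-only everywhere, writes only on the notification routers; minLevel is not applied here`; if not, the branch should at least reject elevated routes with `if (minLevel > 1) throw new ErrorHandler(403, "Forbidden: Insufficient role level");`. The two nested `if`s can be a single allowlist test, `const phoneWritePaths = ["/api/notification-log", "/api/notification"];` followed by `if (req.method !== "GET" && !phoneWritePaths.includes(req.baseUrl)) throw new ErrorHandler(403, "Forbidden: Insufficient Access");`, which also removes the single-quoted strings the rest of the file does not use. The hunk does not show where `user.user_id` comes from, so the safety of this shortcut rests on the token issuer being the only source of phone-number ids; the enclosing handler's try/catch closes after the hunk.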
diff --git a/routes/notification_error.route.js b/routes/notification_error.route.js
index ccd02d0..110cd3d 100644
--- a/routes/notification_error.route.js
+++ b/routes/notification_error.route.js
@@ -26,7 +26,7 @@ router
   .get(verifyToken.verifyAccessToken, NotificationErrorController.getById)
   .put(
     verifyToken.verifyAccessToken,
-    // verifyAccess(),
+    verifyAccess(),
     NotificationErrorController.update
   );
diff --git a/routes/notification_error_log.route.js b/routes/notification_error_log.route.js
index 9b746da..cb63817 100644
--- a/routes/notification_error_log.route.js
+++ b/routes/notification_error_log.route.js
@@ -9,7 +9,7 @@ router.route("/")
   .get(verifyToken.verifyAccessToken, NotificationErrorLogController.getAll)
   .post(
     verifyToken.verifyAccessToken,
-    // verifyAccess(),
+    verifyAccess(),
     NotificationErrorLogController.create);
 router.route("/:id")
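Review bot: With `verifyAccess()` now active on this PUT, callers whose user_id passes isPhoneNumberID are allowed through only when this router's mount path (`req.baseUrl`) is exactly `/api/notification-log` or `/api/notification`, and that mount path is not part of the diff, so whether the write is reachable for them should be confirmed and recorded next to the middleware, e.g. `// verifyAccess(): DB users need role_level >= 1; phone-ID users may write here only if this router is mounted at /api/notification or /api/notification-log`. The same applies to the POST enabled in routes/notification_error_log.route.js.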