diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index 0fc38564..fbb17f7e 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -35,7 +35,6 @@ export enum ActionsEnum {
 removeUser = "removeUser",
 listUsers = "listUsers",
 listSiteRoles = "listSiteRoles",
- listUserRoles = "listUserRoles",
 listResourceRoles = "listResourceRoles",
 addRoleSite = "addRoleSite",
 addRoleResource = "addRoleResource",
diff --git a/server/routers/role/addRoleAction.ts b/server/routers/role/addRoleAction.ts
index 1faa8175..5e677aa4 100644
--- a/server/routers/role/addRoleAction.ts
+++ b/server/routers/role/addRoleAction.ts
@@ -7,9 +7,13 @@ import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
+import { eq } from 'drizzle-orm';
+
+const addRoleActionParamSchema = z.object({
+ roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
 
 const addRoleActionSchema = z.object({
- roleId: z.string().transform(Number).pipe(z.number().int().positive()),
 actionId: z.string(),
 });
 
@@ -25,7 +29,19 @@ export async function addRoleAction(req: Request, res: Response, next: NextFunct
 );
 }
 
- const { roleId, actionId } = parsedBody.data;
+ const { actionId } = parsedBody.data;
+
+ const parsedParams = addRoleActionParamSchema.safeParse(req.params);
+ if (!parsedParams.success) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ parsedParams.error.errors.map(e => e.message).join(', ')
+ )
+ );
+ }
+
+ const { roleId } = parsedParams.data;
 
 // Check if the user has permission to add role actions
 const hasPermission = await checkUserActionPermission(ActionsEnum.addRoleAction, req);
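Review bot: The added `import { eq } from 'drizzle-orm';` is not used in any hunk of addRoleAction.ts; if the rest of the file does not use it either it should be dropped, since an unused import fails `@typescript-eslint/no-unused-vars` and suggests a half-finished query change. Separately, the new schema is named `addRoleActionParamSchema` while the companion schemas introduced in addRoleResource.ts and removeRoleResource.ts are `addRoleResourceParamsSchema` and `removeRoleResourceParamsSchema`; pick one spelling, e.g. `const addRoleActionParamsSchema = z.object({`, and update the `safeParse` call in the following hunk to match. The module continues outside the hunk, so a use of `eq` may simply be out of view.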
@@ -42,7 +58,7 @@ export async function addRoleAction(req: Request, res: Response, next: NextFunct
 const newRoleAction = await db.insert(roleActions).values({
 roleId,
 actionId,
- orgId: role[0].orgId,
+ orgId: role[0].orgId!,
 }).returning();
 
 return response(res, {
diff --git a/server/routers/role/addRoleResource.ts b/server/routers/role/addRoleResource.ts
index bf770f6e..9c70e7ae 100644
--- a/server/routers/role/addRoleResource.ts
+++ b/server/routers/role/addRoleResource.ts
@@ -8,8 +8,11 @@ import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
 
-const addRoleResourceSchema = z.object({
+const addRoleResourceParamsSchema = z.object({
 roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
+
+const addRoleResourceSchema = z.object({
 resourceId: z.string(),
 });
 
@@ -25,7 +28,19 @@ export async function addRoleResource(req: Request, res: Response, next: NextFun
 );
 }
 
- const { roleId, resourceId } = parsedBody.data;
+ const { resourceId } = parsedBody.data;
+
+ const parsedParams = addRoleResourceParamsSchema.safeParse(req.params);
+ if (!parsedParams.success) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ parsedParams.error.errors.map(e => e.message).join(', ')
+ )
+ );
+ }
+
+ const { roleId } = parsedParams.data;
 
 // Check if the user has permission to add role resources
 const hasPermission = await checkUserActionPermission(ActionsEnum.addRoleResource, req);
diff --git a/server/routers/role/removeRoleResource.ts b/server/routers/role/removeRoleResource.ts
index 557e6cef..d164be2d 100644
--- a/server/routers/role/removeRoleResource.ts
+++ b/server/routers/role/removeRoleResource.ts
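Review bot: `orgId: role[0].orgId!` silences a nullable type with a non-null assertion instead of handling the case, so a role row whose orgId is null would reach the insert with a null value (and either be stored that way or fail at the database) rather than being rejected with a clear error. Prefer a guard before the insert, e.g. `const orgId = role[0].orgId;` / `if (orgId == null) { return next(createHttpError(HttpCode.BAD_REQUEST, 'Role is not associated with an organization')); }` and then `orgId,` in the values object; whether BAD_REQUEST or another status fits depends on how the file reports the role-not-found case, which is outside the hunk. addRoleAction's body and the role lookup that populates `role` start before this hunk.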
@@ -9,8 +9,11 @@ import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
 
-const removeRoleResourceSchema = z.object({
+const removeRoleResourceParamsSchema = z.object({
 roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
+
+const removeRoleResourceSchema = z.object({
 resourceId: z.string(),
 });
 
@@ -26,7 +29,19 @@ export async function removeRoleResource(req: Request, res: Response, next: Next
 );
 }
 
- const { roleId, resourceId } = parsedParams.data;
+ const { resourceId } = parsedParams.data;
+
+ const parsedBody = removeRoleResourceParamsSchema.safeParse(req.body);
+ if (!parsedBody.success) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ parsedBody.error.errors.map(e => e.message).join(', ')
+ )
+ );
+ }
+
+ const { roleId } = parsedBody.data;
 
 // Check if the user has permission to remove role resources
 const hasPermission = await checkUserActionPermission(ActionsEnum.removeRoleResource, req);
diff --git a/server/routers/user/index.ts b/server/routers/user/index.ts
index 9d494ecd..73f51565 100644
--- a/server/routers/user/index.ts
+++ b/server/routers/user/index.ts
@@ -2,5 +2,4 @@ export * from "./getUser";
 export * from "./removeUserOrg";
 export * from "./addUserOrg";
 export * from "./listUsers";
-export * from "./listUserRoles";
 export * from "./setUserRole";
\ No newline at end of file
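Review bot: `removeRoleResourceParamsSchema.safeParse(req.body)` validates the schema named for route parameters against the request body and stores the result in `parsedBody`, while `resourceId` is taken from the pre-existing `parsedParams`; this is the inverse of addRoleResource.ts in the same commit, where the `*ParamsSchema` holding roleId is parsed from `req.params`. If roleId is a route parameter here as in the add handler, the call should be `removeRoleResourceParamsSchema.safeParse(req.params)` with the variable renamed accordingly; if it genuinely comes from the body, the schema should be named `removeRoleResourceBodySchema` so the name does not mislead the next reader. The source of roleId also matters for authorization: the value that scopes the removal should come from the same place the route and `checkUserActionPermission` bind it, otherwise a body-supplied roleId that differs from the URL's could be the one acted on — whether the permission check reads the URL is not visible in this hunk. The first hunk of this file carries the same schema naming, and the earlier `parsedParams` parse is outside the hunk.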