diff --git a/resources/KYC/KycController.js b/resources/KYC/KycController.js
index 5a92f14..295c54b 100644
--- a/resources/KYC/KycController.js
+++ b/resources/KYC/KycController.js
@@ -111,7 +111,7 @@ export const getAllKyc = async (req, res) => {
   try {
     // Fetch all KYC documents from the database
     // console.log("req came here ");
-    const kycs = await KYC.find()
+    const kycs = await KYC.find({ principal_distributer: req.user._id })
       .populate("principal_distributer", "name")
       .populate("addedBy");
     // console.log(kycs);
@@ -193,6 +193,9 @@ export const updateKycStatus = async (req, res) => {
     if (!kyc) {
       return res.status(404).json({ message: "KYC record not found" });
     }
+    if (kyc.principal_distributer.toString() !== req.user._id.toString()) {
+      return res.status(403).json({ message: "Access denied" });
+    }
 
     // Update the status
     if (status) {