diff --git a/DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs b/DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs
index f850568..c6d18a2 100644
--- a/DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs
+++ b/DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs
@@ -1,4 +1,5 @@
 using DrinkRateAPI.DbEntities;
+using DrinkRateAPI.Exceptions;
 using DrinkRateAPI.Services;
 
 namespace DrinkRateAPI.AuthorizationPolicies;
@@ -26,7 +27,16 @@ public class AdminOnlyHandler : AuthorizationHandler<AdminOnlyRequirement>
         AuthorizationHandlerContext context,
         AdminOnlyRequirement requirement)
     {
-        var userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
+        DbUserProfile userProfile;
+
+        try
+        {
+            userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
+        }
+        catch (NotFoundException _)
+        {
+            throw new ForbiddenException();
+        }
 
         if (_userProfileService.IsUserProfileAdmin(userProfile))
         {
diff --git a/DrinkRateAPI/AuthorizationPolicies/PolicyConstants.cs b/DrinkRateAPI/AuthorizationPolicies/PolicyConstants.cs
new file mode 100644
index 0000000..fc37305
--- /dev/null
+++ b/DrinkRateAPI/AuthorizationPolicies/PolicyConstants.cs
@@ -0,0 +1,7 @@
+namespace DrinkRateAPI.AuthorizationPolicies;
+
+public static class PolicyConstants
+{
+    public const string AdminOnly = "AdminOnly";
+    
+}
\ No newline at end of file
diff --git a/DrinkRateAPI/Controllers/UserProfileController.cs b/DrinkRateAPI/Controllers/UserProfileController.cs
index 7c4cfa0..6b3a064 100644
--- a/DrinkRateAPI/Controllers/UserProfileController.cs
+++ b/DrinkRateAPI/Controllers/UserProfileController.cs
@@ -1,5 +1,6 @@
 using System.Security.Claims;
 using DrinkRateAPI.ApiModels.UserProfile;
+using DrinkRateAPI.AuthorizationPolicies;
 using DrinkRateAPI.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -28,7 +29,7 @@ public class UserProfileController : ControllerBase
     }
 
     [HttpPut("{userId}/adminStatus")]
-    [Authorize(Policy = "AdminOnly")]
+    [Authorize(Policy = PolicyConstants.AdminOnly)]
     [Produces("application/json")]
     public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] UserProfileAdminStatusPut body)
     {
diff --git a/DrinkRateAPI/Program.cs b/DrinkRateAPI/Program.cs
index 9da7e7d..c6f0c33 100644
--- a/DrinkRateAPI/Program.cs
+++ b/DrinkRateAPI/Program.cs
@@ -15,7 +15,7 @@ builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddAuthorizationBuilder()
-    .AddPolicy("AdminOnly", policy =>
+    .AddPolicy(PolicyConstants.AdminOnly, policy =>
         policy.Requirements.Add(new AdminOnlyRequirement()));
 builder.Services.AddIdentityApiEndpoints<DbApplicationUser>()
     .AddEntityFrameworkStores<ApplicationDbContext>();
@@ -58,6 +58,7 @@ builder.Services.AddSwaggerGen(c =>
 builder.Services.AddDbContext<ApplicationDbContext>();
 builder.Services.AddScoped<ApplicationUserService>();
 builder.Services.AddScoped<UserProfileService>();
+builder.Services.AddScoped<ProductTableService>();
 
 var app = builder.Build();