diff --git a/app/Livewire/RoleForm.php b/app/Livewire/RoleForm.php
index 3864741..3a48dc3 100644
--- a/app/Livewire/RoleForm.php
+++ b/app/Livewire/RoleForm.php
@@ -21,7 +21,7 @@ class RoleForm extends Component
public function mount(?Role $role = null): void
{
- abort_unless(Auth::user()?->can(self::CORE_PERMISSION), 403);
+ abort_unless(Auth::user()?->can('manage roles'), 403);
if ($role && $role->exists) {
$this->role = $role;
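Review bot: The `abort_unless(Auth::user()?->can('manage roles'), 403)` guard sits in `mount()`, which Livewire runs only on the initial render; later action requests invoke the component's methods without re-running it. The body of `mount()` and the rest of RoleForm lie outside this hunk, so confirm that every state-changing action repeats the check as its first line, and likewise in RolePermissionManager and RoleView, which get the same one-line change below. The literal `'manage roles'` now appears in three components and five routes. Replacing it with one shared constant (the removed `self::CORE_PERMISSION` suggests there was one per class) would keep the route and component checks from drifting apart.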
diff --git a/app/Livewire/RolePermissionManager.php b/app/Livewire/RolePermissionManager.php
index 0671ce5..532649a 100644
--- a/app/Livewire/RolePermissionManager.php
+++ b/app/Livewire/RolePermissionManager.php
@@ -21,7 +21,7 @@ class RolePermissionManager extends Component
public function mount(): void
{
- abort_unless(Auth::user()?->can(self::CORE_PERMISSION), 403);
+ abort_unless(Auth::user()?->can('manage roles'), 403);
}
private function flushCache(): void
diff --git a/app/Livewire/RoleView.php b/app/Livewire/RoleView.php
index fb437fe..c33cede 100644
--- a/app/Livewire/RoleView.php
+++ b/app/Livewire/RoleView.php
@@ -23,7 +23,7 @@ class RoleView extends Component
public function mount(Role $role): void
{
- abort_unless(Auth::user()?->can(self::CORE_PERMISSION), 403);
+ abort_unless(Auth::user()?->can('manage roles'), 403);
$this->role = $role;
}
diff --git a/resources/views/livewire/layout/navigation.blade.php b/resources/views/livewire/layout/navigation.blade.php
index 57f72d0..a96fa9e 100644
--- a/resources/views/livewire/layout/navigation.blade.php
+++ b/resources/views/livewire/layout/navigation.blade.php
@@ -49,7 +49,7 @@ new class extends Component
- @can('manage all')
+ @can('view users')
{{ __('Administrator') }}
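Review bot: Gating the Administrator entry on `@can('view users')` alone hides it from a user who holds `manage roles` but not `view users`, although the routes in this commit let that user reach `/admin/roles` and `/admin/permissions`. If the entry is meant as the way into the whole admin area, `@canany(['view users', 'manage roles'])` matches the new route permissions. The link target is outside this hunk: if it points at the users list, the role pages need their own entry instead. Hiding the link is a UI convenience only, so the route and component checks remain the actual enforcement.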
diff --git a/routes/web.php b/routes/web.php
index ddeef43..ffdc385 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -130,17 +130,17 @@ Route::get('/reports/dashboard', ReportsDashboard::class)->name('reports.dashboa
})->name('dashboard');
});
- // Admin: gestión de usuarios y roles
- Route::middleware(['can:manage all'])->prefix('admin')->name('admin.')->group(function () {
- Route::get('/users', function () { return view('admin.users'); })->name('users');
- Route::get('/users/create', \App\Livewire\UserForm::class)->name('users.create');
- Route::get('/users/{user}', \App\Livewire\UserView::class)->name('users.show');
- Route::get('/users/{user}/edit', \App\Livewire\UserForm::class)->name('users.edit');
- Route::get('/roles', function () { return view('admin.roles'); })->name('roles');
- Route::get('/roles/create', \App\Livewire\RoleForm::class)->name('roles.create');
- Route::get('/roles/{role}/edit', \App\Livewire\RoleForm::class)->name('roles.edit');
- Route::get('/roles/{role}', \App\Livewire\RoleView::class)->name('roles.show');
- Route::get('/permissions', \App\Livewire\RolePermissionManager::class)->name('permissions');
+ // Admin: gestión de usuarios y roles (cada ruta protegida por su permiso)
+ Route::prefix('admin')->name('admin.')->group(function () {
+ Route::get('/users', function () { return view('admin.users'); })->middleware('can:view users')->name('users');
+ Route::get('/users/create', \App\Livewire\UserForm::class)->middleware('can:create users')->name('users.create');
+ Route::get('/users/{user}', \App\Livewire\UserView::class)->middleware('can:view users')->name('users.show');
+ Route::get('/users/{user}/edit', \App\Livewire\UserForm::class)->middleware('can:edit users')->name('users.edit');
+ Route::get('/roles', function () { return view('admin.roles'); })->middleware('can:manage roles')->name('roles');
+ Route::get('/roles/create', \App\Livewire\RoleForm::class)->middleware('can:manage roles')->name('roles.create');
+ Route::get('/roles/{role}/edit', \App\Livewire\RoleForm::class)->middleware('can:manage roles')->name('roles.edit');
+ Route::get('/roles/{role}', \App\Livewire\RoleView::class)->middleware('can:manage roles')->name('roles.show');
+ Route::get('/permissions', \App\Livewire\RolePermissionManager::class)->middleware('can:manage roles')->name('permissions');
});
// Gestor de medios
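Review bot: With `Route::middleware(['can:manage all'])` removed, the `admin` group enforces no permission of its own, so a route added later without `->middleware('can:…')` is open to anyone who passes the enclosing middleware, which is not visible in this hunk. A comment on the group such as `// No group-level gate: every route here MUST declare its own can: middleware` would make that explicit, as would a feature test asserting that every `admin.*` route carries a `can:` middleware. `UserForm` now serves `users.create` under `create users` and `users.edit` under `edit users`, but neither it nor `UserView` is touched by this commit. If their `mount()` still checks the old permission, these routes will return 403 to the users they are meant to admit, and if they check nothing, Livewire update requests bypass the route middleware entirely.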