diff --git a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/exception/GlobalExceptionHandler.java b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/exception/GlobalExceptionHandler.java
index a888d311..3361fcd9 100644
--- a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/exception/GlobalExceptionHandler.java
+++ b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/exception/GlobalExceptionHandler.java
@@ -32,6 +32,8 @@
 import com.nowait.domaincorerdb.order.exception.OrderUpdateUnauthorizedException;
 import com.nowait.domaincorerdb.order.exception.OrderViewUnauthorizedException;
 import com.nowait.domaincorerdb.reservation.exception.ReservationNotFoundException;
+import com.nowait.domaincorerdb.reservation.exception.ReservationUpdateUnauthorizedException;
+import com.nowait.domaincorerdb.reservation.exception.ReservationViewUnauthorizedException;
 import com.nowait.domaincorerdb.token.exception.BusinessException;
 import com.nowait.domaincorerdb.user.exception.UserNotFoundException;
 
@@ -156,6 +158,20 @@ public ErrorResponse reservationNotFoundException(ReservationNotFoundException e
 		return new ErrorResponse(e.getMessage(), NOTFOUND_RESERVATION.getCode());
 	}
 
+	@ResponseStatus(value = FORBIDDEN)
+	@ExceptionHandler(ReservationViewUnauthorizedException.class)
+	public ErrorResponse reservationViewUnauthorizedException(ReservationViewUnauthorizedException e) {
+		log.error("reservationViewUnauthorizedException", e);
+		return new ErrorResponse(e.getMessage(), RESERVATION_VIEW_UNAUTHORIZED.getCode());
+	}
+
+	@ResponseStatus(value = FORBIDDEN)
+	@ExceptionHandler(ReservationUpdateUnauthorizedException.class)
+	public ErrorResponse reservationUpdateUnauthorizedException(ReservationUpdateUnauthorizedException e) {
+		log.error("reservationUpdateUnauthorizedException", e);
+		return new ErrorResponse(e.getMessage(), RESERVATION_UPDATE_UNAUTHORIZED.getCode());
+	}
+
 	@ResponseStatus(value = FORBIDDEN)
 	@ExceptionHandler(MenuCreationUnauthorizedException.class)
 	public ErrorResponse menuCreationUnauthorizedException(MenuCreationUnauthorizedException e) {
diff --git a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/controller/ReservationController.java b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/controller/ReservationController.java
index b29d3b56..9868d04d 100644
--- a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/controller/ReservationController.java
+++ b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/controller/ReservationController.java
@@ -2,6 +2,7 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -14,6 +15,7 @@
 import com.nowait.applicationadmin.reservation.dto.ReservationStatusUpdateRequestDto;
 import com.nowait.applicationadmin.reservation.service.ReservationService;
 import com.nowait.common.api.ApiUtils;
+import com.nowait.domaincorerdb.user.entity.MemberDetails;
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
@@ -31,8 +33,9 @@ public class ReservationController {
 	@GetMapping("/admin/{storeId}")
 	@Operation(summary = "주점별 예약리스트 조회", description = "특정 주점에 대한 예약리스트 조회")
 	@ApiResponse(responseCode = "200", description = "예약리스트 조회")
-	public ResponseEntity<?> getReservationListByStoreId(@PathVariable Long storeId) {
-		ReservationStatusSummaryDto response = reservationService.getReservationListByStoreId(storeId);
+	public ResponseEntity<?> getReservationListByStoreId(@PathVariable Long storeId,
+		@AuthenticationPrincipal MemberDetails memberDetails) {
+		ReservationStatusSummaryDto response = reservationService.getReservationListByStoreId(storeId,memberDetails);
 		return ResponseEntity
 			.status(HttpStatus.OK)
 			.body(
@@ -45,9 +48,10 @@ public ResponseEntity<?> getReservationListByStoreId(@PathVariable Long storeId)
 	@PatchMapping("/admin/updates/{reservationId}")
 	@Operation(summary = "예약팀 상태 변경", description = "특정 예약에 대한 상태 변경(예약중->호출중,호출중->입장완료,취소)")
 	@ApiResponse(responseCode = "200", description = "예약팀 상태 변경")
-	public ResponseEntity<?> updateReservationStatus(@PathVariable Long reservationId,@RequestBody
-	ReservationStatusUpdateRequestDto requestDto) {
-		CallGetResponseDto response = reservationService.updateReservationStatus(reservationId,requestDto);
+	public ResponseEntity<?> updateReservationStatus(@PathVariable Long reservationId,
+		@RequestBody ReservationStatusUpdateRequestDto requestDto,
+		@AuthenticationPrincipal MemberDetails memberDetails) {
+		CallGetResponseDto response = reservationService.updateReservationStatus(reservationId,requestDto,memberDetails);
 		return ResponseEntity
 			.status(HttpStatus.OK)
 			.body(
diff --git a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/service/ReservationService.java b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/service/ReservationService.java
index 249f6b3f..cf61f493 100644
--- a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/service/ReservationService.java
+++ b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/reservation/service/ReservationService.java
@@ -11,9 +11,17 @@
 import com.nowait.applicationadmin.reservation.dto.ReservationStatusSummaryDto;
 import com.nowait.applicationadmin.reservation.dto.ReservationStatusUpdateRequestDto;
 import com.nowait.common.enums.ReservationStatus;
+import com.nowait.common.enums.Role;
+import com.nowait.domaincorerdb.order.exception.OrderUpdateUnauthorizedException;
 import com.nowait.domaincorerdb.reservation.entity.Reservation;
 import com.nowait.domaincorerdb.reservation.exception.ReservationNotFoundException;
+import com.nowait.domaincorerdb.reservation.exception.ReservationUpdateUnauthorizedException;
+import com.nowait.domaincorerdb.reservation.exception.ReservationViewUnauthorizedException;
 import com.nowait.domaincorerdb.reservation.repository.ReservationRepository;
+import com.nowait.domaincorerdb.user.entity.MemberDetails;
+import com.nowait.domaincorerdb.user.entity.User;
+import com.nowait.domaincorerdb.user.exception.UserNotFoundException;
+import com.nowait.domaincorerdb.user.repository.UserRepository;
 
 import lombok.RequiredArgsConstructor;
 
@@ -22,9 +30,14 @@
 public class ReservationService {
 
 	private final ReservationRepository reservationRepository;
+	private final UserRepository userRepository;
 
 	@Transactional(readOnly = true)
-	public ReservationStatusSummaryDto getReservationListByStoreId(Long storeId) {
+	public ReservationStatusSummaryDto getReservationListByStoreId(Long storeId, MemberDetails memberDetails) {
+		User user =  userRepository.findById(memberDetails.getId()).orElseThrow(UserNotFoundException::new);
+		if (!Role.SUPER_ADMIN.equals(user.getRole()) && !user.getStoreId().equals(storeId)) {
+			throw new ReservationViewUnauthorizedException();
+		}
 		List<Reservation> reservations = reservationRepository.findAllByStore_StoreIdOrderByRequestedAtAsc(storeId);
 
 		// 상태별 카운트 집계
@@ -50,9 +63,13 @@ public ReservationStatusSummaryDto getReservationListByStoreId(Long storeId) {
 			.build();
 	}
 	@Transactional
-	public CallGetResponseDto updateReservationStatus(Long reservationId, ReservationStatusUpdateRequestDto requestDto) {
-		Reservation reservation = reservationRepository.findById(reservationId)
-			.orElseThrow(ReservationNotFoundException::new);
+	public CallGetResponseDto updateReservationStatus(Long reservationId, ReservationStatusUpdateRequestDto requestDto,
+		MemberDetails memberDetails) {
+		User user =  userRepository.findById(memberDetails.getId()).orElseThrow(UserNotFoundException::new);
+		Reservation reservation = reservationRepository.findById(reservationId).orElseThrow(ReservationNotFoundException::new);
+		if (!Role.SUPER_ADMIN.equals(user.getRole()) && !user.getStoreId().equals(reservation.getStore().getStoreId())) {
+			throw new ReservationUpdateUnauthorizedException();
+		}
 			reservation.updateStatus(requestDto.getStatus());
 		return CallGetResponseDto.fromEntity(reservation);
 	}
diff --git a/nowait-common/src/main/java/com/nowait/common/exception/ErrorMessage.java b/nowait-common/src/main/java/com/nowait/common/exception/ErrorMessage.java
index 538800de..422010e8 100644
--- a/nowait-common/src/main/java/com/nowait/common/exception/ErrorMessage.java
+++ b/nowait-common/src/main/java/com/nowait/common/exception/ErrorMessage.java
@@ -25,6 +25,8 @@ public enum ErrorMessage {
 
 	//reservation
 	NOTFOUND_RESERVATION("저장된 예약 정보가 없습니다.", "reservation001"),
+	RESERVATION_VIEW_UNAUTHORIZED("예약 보기 권한이 없습니다.(슈퍼계정 or 주점 관리자만 가능)", "reservation002"),
+	RESERVATION_UPDATE_UNAUTHORIZED("예약 수정 권한이 없습니다.(슈퍼계정 or 주점 관리자만 가능)", "reservation003"),
 
 	// bookmark
 	DUPLICATE_BOOKMARK("이미 북마크한 주점입니다.", "bookmark001"),
diff --git a/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationUpdateUnauthorizedException.java b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationUpdateUnauthorizedException.java
new file mode 100644
index 00000000..f2af519b
--- /dev/null
+++ b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationUpdateUnauthorizedException.java
@@ -0,0 +1,10 @@
+package com.nowait.domaincorerdb.reservation.exception;
+
+import com.nowait.common.exception.ErrorMessage;
+
+public class ReservationUpdateUnauthorizedException extends RuntimeException {
+	public ReservationUpdateUnauthorizedException() {
+		super(ErrorMessage.RESERVATION_UPDATE_UNAUTHORIZED.getMessage());
+	}
+}
+
diff --git a/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationViewUnauthorizedException.java b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationViewUnauthorizedException.java
new file mode 100644
index 00000000..e5ff5220
--- /dev/null
+++ b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/reservation/exception/ReservationViewUnauthorizedException.java
@@ -0,0 +1,10 @@
+package com.nowait.domaincorerdb.reservation.exception;
+
+import com.nowait.common.exception.ErrorMessage;
+
+public class ReservationViewUnauthorizedException extends RuntimeException {
+	public ReservationViewUnauthorizedException() {
+		super(ErrorMessage.RESERVATION_VIEW_UNAUTHORIZED.getMessage());
+	}
+}
+
diff --git a/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/user/entity/User.java b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/user/entity/User.java
index 86d45d9b..c1502486 100644
--- a/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/user/entity/User.java
+++ b/nowait-domain/domain-core-rdb/src/main/java/com/nowait/domaincorerdb/user/entity/User.java
@@ -44,6 +44,7 @@ public class User {
     @Enumerated(EnumType.STRING)
     private Role role;
 
+    @Column(nullable = false)
     private Long storeId;
 
     @Builder