diff --git a/src/cmdforge/registry/app.py b/src/cmdforge/registry/app.py
index 94a0977..adcd370 100644
--- a/src/cmdforge/registry/app.py
+++ b/src/cmdforge/registry/app.py
@@ -1357,7 +1357,7 @@ def create_app() -> Flask:
     # -------------------------------------------------------------------------
 
     @app.route("/api/v1/admin/collections", methods=["GET"])
-    @require_auth
+    @require_admin
     def admin_list_collections() -> Response:
         """List all collections with full details (admin)."""
         user = get_current_user()
@@ -1389,7 +1389,7 @@ def create_app() -> Flask:
         return jsonify({"data": data})
 
     @app.route("/api/v1/admin/collections", methods=["POST"])
-    @require_auth
+    @require_admin
     def admin_create_collection() -> Response:
         """Create a new collection (admin)."""
         user = get_current_user()
@@ -1453,7 +1453,7 @@ def create_app() -> Flask:
             return error_response("SERVER_ERROR", str(e), 500)
 
     @app.route("/api/v1/admin/collections/<name>", methods=["PUT"])
-    @require_auth
+    @require_admin
     def admin_update_collection(name: str) -> Response:
         """Update a collection (admin)."""
         user = get_current_user()
@@ -1523,7 +1523,7 @@ def create_app() -> Flask:
             return error_response("SERVER_ERROR", str(e), 500)
 
     @app.route("/api/v1/admin/collections/<name>", methods=["DELETE"])
-    @require_auth
+    @require_admin
     def admin_delete_collection(name: str) -> Response:
         """Delete a collection (admin)."""
         user = get_current_user()