diff --git a/src/main/java/com/example/locavel/config/SecurityConfig.java b/src/main/java/com/example/locavel/config/SecurityConfig.java
index 96f2074..5662c13 100644
--- a/src/main/java/com/example/locavel/config/SecurityConfig.java
+++ b/src/main/java/com/example/locavel/config/SecurityConfig.java
@@ -81,7 +81,6 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
                         //TODO : 등급 관련 api 일단 모두 허용, 추후 삭제
                         .requestMatchers("/api/users/{user_id}/grade").permitAll()
                         .requestMatchers("/api/users/{user_id}/grade").permitAll()
-                        .requestMatchers("/api/users/**").permitAll()
                         //TODO : 헬스체크용 api 허용
                         .requestMatchers("/health").permitAll()
                         .anyRequest().authenticated()) // 위의 경로 이외에는 모두 인증된 사용자만 접근 가능
diff --git a/src/main/java/com/example/locavel/domain/User.java b/src/main/java/com/example/locavel/domain/User.java
index 37474ec..ac131ed 100644
--- a/src/main/java/com/example/locavel/domain/User.java
+++ b/src/main/java/com/example/locavel/domain/User.java
@@ -59,7 +59,7 @@ public class User extends BaseEntity {
     @Enumerated(EnumType.STRING)
     private Grade travelerGrade = Grade.IRON;
 
-    @OneToOne(cascade = CascadeType.ALL)
+    @ManyToOne(fetch = FetchType.LAZY)
     @JoinColumn(name = "region_id")
     private Region my_area;
 
diff --git a/src/main/java/com/example/locavel/service/userService/UserCommandServiceImpl.java b/src/main/java/com/example/locavel/service/userService/UserCommandServiceImpl.java
index baacc08..9fb6d38 100644
--- a/src/main/java/com/example/locavel/service/userService/UserCommandServiceImpl.java
+++ b/src/main/java/com/example/locavel/service/userService/UserCommandServiceImpl.java
@@ -222,8 +222,7 @@ public Grade calculateLocalGrade ( int score){
     @Override
     @Transactional
     public User setMyArea(HttpServletRequest httpServletRequest, String distinct) {
-        String email = httpServletRequest.getUserPrincipal().getName();
-        User user = userRepository.findByEmail(email).orElseThrow(() -> new UserHandler(ErrorStatus.USER_NOT_FOUND));
+        User user = getUser(httpServletRequest);
         Region region = regionRepository.findByName(distinct);
         user.setMy_area(region);
         userRepository.save(user);