diff --git a/apps/Backend/src/routes/staffs.ts b/apps/Backend/src/routes/staffs.ts
index 0660a4c..ae74855 100644
--- a/apps/Backend/src/routes/staffs.ts
+++ b/apps/Backend/src/routes/staffs.ts
@@ -15,7 +15,13 @@ const router = Router();
 
 router.post("/", async (req: Request, res: Response): Promise<any> => {
   try {
-    const validatedData = staffCreateSchema.parse(req.body);
+    const userId = req.user!.id; // from auth middleware
+
+    const validatedData = staffCreateSchema.parse({
+      ...req.body,
+      userId,
+    });
+    
     const newStaff = await storage.createStaff(validatedData);
     res.status(200).json(newStaff);
   } catch (error) {
diff --git a/apps/Frontend/src/lib/queryClient.ts b/apps/Frontend/src/lib/queryClient.ts
index 987247e..01e2b51 100644
--- a/apps/Frontend/src/lib/queryClient.ts
+++ b/apps/Frontend/src/lib/queryClient.ts
@@ -4,7 +4,7 @@ const API_BASE_URL = import.meta.env.VITE_API_BASE_URL_BACKEND ?? "";
 
 async function throwIfResNotOk(res: Response) {
   if (!res.ok) {
-    if (res.status === 401 || res.status === 403) {
+    if (res.status === 401) {
       localStorage.removeItem("token");
       if (!window.location.pathname.startsWith("/auth")) {
         window.location.href = "/auth";
diff --git a/packages/db/prisma/schema.prisma b/packages/db/prisma/schema.prisma
index c32303a..46e1ab3 100644
--- a/packages/db/prisma/schema.prisma
+++ b/packages/db/prisma/schema.prisma
@@ -100,7 +100,7 @@ model Appointment {
 
 model Staff {
   id           Int           @id @default(autoincrement())
-  userId       Int?
+  userId       Int
   name         String
   email        String?
   role         String // e.g., "Dentist", "Hygienist", "Assistant"