diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
index 8e699f2..c003930 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/EmpressaController.java
@@ -64,8 +64,14 @@ public class EmpressaController {
 @PostMapping("/empresa/save")
- public ResponseEntity saveEmpresa(Empresa empresa, @RequestParam("sector.id") Long sectorId, @RequestParam("joinedKeywords") String keywords){
+ public ResponseEntity saveEmpresa(Empresa empresa, @RequestParam("sector.id") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){
 try{
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+ }
 if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
 keywords = keywords.substring(1);
 }
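Review bot: The `ResponseStatusException` for non-admin callers is thrown inside the `try{` block of `saveEmpresa`, so if the `catch` (outside this hunk) handles `Exception` broadly, the 403 is replaced by whatever that handler returns and the client never sees FORBIDDEN. Move the authority check above `try{`, or return `new ResponseEntity<>("No tienes permisos para acceder a esta página", HttpStatus.FORBIDDEN)` directly. `authentication` is also dereferenced without a null check, which ends in a NullPointerException if the route can be reached without a login; a guard such as `if (authentication == null) { ... }` before `getAuthorities()` makes the denial explicit. The same applies to the identical block added to `updateEmpresa` in the next hunk. The method body continues outside the hunk.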
@@ -106,8 +112,14 @@ public class EmpressaController {
 @PostMapping("/empresa/update")
- public ResponseEntity updateEmpresa(Empresa empresa, @RequestParam("sectorId") Long sectorId, @RequestParam("joinedKeywords") String keywords){
+ public ResponseEntity updateEmpresa(Empresa empresa, @RequestParam("sectorId") Long sectorId, @RequestParam("joinedKeywords") String keywords, Authentication authentication){
 try{
+ Collection authorities = authentication.getAuthorities();
+ boolean isAdmin = authorities.stream()
+ .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ADMIN"));
+ if (!isAdmin) {
+ throw new ResponseStatusException(HttpStatus.FORBIDDEN, "No tienes permisos para acceder a esta página");
+ }
 if (keywords != null && !keywords.isEmpty() && keywords.charAt(0) == ',') {
 keywords = keywords.substring(1);
 }
diff --git a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
index 9480ebf..95802dd 100644
--- a/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
+++ b/src/main/java/com/example/proyectofinal/controllers/modelControllers/SucursalController.java
@@ -4,7 +4,6 @@ import com.example.proyectofinal.models.empresas.Empresa;
 import com.example.proyectofinal.models.empresas.Sucursal;
 import com.example.proyectofinal.servicios.empresa.EmpresaService;
 import com.example.proyectofinal.servicios.empresa.SucursalService;
-import jakarta.annotation.security.RolesAllowed;
 import jakarta.persistence.EntityManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
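Review bot: The ADMIN check in `updateEmpresa` is a second hand-written copy of the one in `saveEmpresa`, so any other state-changing handler that does not receive the same paste stays unprotected. Prefer a single declarative rule, for example `@PreAuthorize("hasAuthority('ADMIN')")` on the handler (requires method security to be enabled) or a request matcher in the security configuration, or at minimum one shared private helper. Note that `equals("ADMIN")` only matches when the authority is stored without a `ROLE_` prefix; confirm this against how authorities are populated, which this diff does not show.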
@@ -63,7 +62,8 @@ public class SucursalController {
 ArrayList sucursales;
 sucursales = (ArrayList) sucursalService.findAll();
 for (Sucursal s : sucursales) {
- if (s.getSedeCentral() && sedeCentral) {
+ if (s.getEmpresa().getNombre().equalsIgnoreCase(sucursal.getEmpresa().getNombre()) &&
+ (s.getSedeCentral() && sedeCentral)){
 return new ResponseEntity<>("Ya existe una sede central", HttpStatus.BAD_REQUEST);
 }
 }
@@ -96,10 +96,10 @@ public class SucursalController {
 @PostMapping("/sucursal/update")
- public ResponseEntity updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long sectorId, @RequestParam("sedeCentral") boolean sedeCentral){
+ public ResponseEntity updateSucursal(Sucursal sucursal, @RequestParam("empresa.id") Long empresaId, @RequestParam("sedeCentral") boolean sedeCentral){
 try{
 entityManager.detach(sucursal);
- Empresa existingEmpresa = empresaService.findById(sectorId);
+ Empresa existingEmpresa = empresaService.findById(empresaId);
 sucursal.setEmpresa(existingEmpresa);
 Sucursal existingSucursal = sucursalService.findById(sucursal.getId());
@@ -111,7 +111,8 @@ public class SucursalController {
 ArrayList sucursales;
 sucursales = (ArrayList) sucursalService.findAll();
 for (Sucursal s : sucursales) {
- if (s.getSedeCentral() && sedeCentral) {
+ if (s.getEmpresa().getNombre().equalsIgnoreCase(sucursal.getEmpresa().getNombre()) &&
+ (s.getSedeCentral() && sedeCentral)){
 return new ResponseEntity<>("Ya existe una sede central", HttpStatus.BAD_REQUEST);
 }
 }
diff --git a/src/main/resources/static/style.css b/src/main/resources/static/style.css
index e4fe930..9179693 100644
--- a/src/main/resources/static/style.css
+++ b/src/main/resources/static/style.css
@@ -156,13 +156,13 @@ html, body {
 }
 .edit-icon {
 color: #ffa600;
- margin-right: 5px;
- margin-left: 5px;
+ margin-right: 2px;
+ margin-left: 2px;
 font-size: 20px;
 }
 .delete-icon {
 color: red;
- margin-left: 5px;
+ margin-left: 2px;
 font-size: 20px;
 }
 #create-icon {
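Review bot: The new condition in the `@@ -63` hunk identifies the company by display name, `s.getEmpresa().getNombre().equalsIgnoreCase(...)`, so two distinct companies whose names are equal ignoring case block each other's sede central, and a branch with a null `empresa` or `nombre` throws a NullPointerException inside the loop. Comparing identifiers is more robust, e.g. `Objects.equals(s.getEmpresa().getId(), sucursal.getEmpresa().getId())`, assuming `Empresa` exposes `getId()` as the `empresa.id` request parameter suggests. The same condition is added in the `@@ -111` hunk of `updateSucursal`. The enclosing method starts and ends outside this hunk.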
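Review bot: `updateSucursal` shows no authorization check in the `@@ -96` hunk, while this commit adds an ADMIN check to both `EmpressaController` write endpoints and removes the `RolesAllowed` import from this file. Unless `/sucursal/update` is restricted in the security configuration (not shown here), any caller who can reach the route can rebind a branch to an arbitrary `empresa.id`. Apply the same rule here, e.g. `@PreAuthorize("hasAuthority('ADMIN')")` on the handler, and state the requirement in a Javadoc line such as `/** Updates a branch; restricted to ADMIN. */`. The method body continues beyond the hunk.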
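Review bot: In the `@@ -111` hunk the loop does not skip the branch being edited, so saving a branch that is already the sede central with `sedeCentral=true` appears to match itself and be rejected with "Ya existe una sede central", unless a guard in the lines between the hunks prevents that. Exclude the current record by adding `!s.getId().equals(sucursal.getId()) &&` to the condition. Loading every branch with `findAll()` for this check also grows with the table; a service query scoped to the company would be cheaper.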
diff --git a/src/main/resources/templates/list/alumnos.html b/src/main/resources/templates/list/alumnos.html index 4b7f61e..e054e90 100644 --- a/src/main/resources/templates/list/alumnos.html +++ b/src/main/resources/templates/list/alumnos.html @@ -115,7 +115,7 @@
- + [[${alumno.nombre}]]
@@ -281,6 +281,9 @@ /*]]>*/ if (isAdmin) { + document.querySelectorAll('.edit-icon').forEach(function(icon) { + icon.classList.remove('hide-icon'); + }); document.querySelectorAll('.delete-icon').forEach(function(icon) { icon.classList.remove('hide-icon'); }); @@ -295,12 +298,12 @@ var row = document.createElement('tr'); row.dataset.id = alumno.id; if (isAdmin) { - iconHtml = ` `; + iconHtml = ` + `; } row.innerHTML = ` - - + ${iconHtml} ${alumno.nombre} ${alumno.apellido} @@ -350,8 +353,6 @@ handleDelete(event); } }); - - // Create a new observer const observer = new MutationObserver(function() { // Attach the event listeners to the edit and delete icons document.querySelectorAll('.edit-icon').forEach(function(icon) { @@ -361,8 +362,6 @@ icon.addEventListener('click', handleDelete); }); }); - - // Start observing the document with the configured parameters observer.observe(document.querySelector('#table tbody'), { childList: true }); document.addEventListener('DOMContentLoaded', (event) => {
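Review bot: Revealing `.edit-icon` only when `isAdmin` is true (the `@@ -281` hunk) is presentation, not access control, because the flag is evaluated in the browser and cannot restrict who performs the edit. Make sure the handlers behind the edit and delete actions enforce the ADMIN authority on the server, as this commit does for `/empresa/save` and `/empresa/update`. A short comment such as `// UI hint only; authorization is enforced server-side` above the block would keep that expectation visible.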
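Review bot: In the `@@ -295` hunk `row.innerHTML` is built by interpolating `${alumno.nombre}` and `${alumno.apellido}` straight into markup, so a student name containing HTML is parsed as markup when the row is rendered, which is a stored XSS risk in a list that administrators open. Create the cells with `document.createElement('td')` and assign `td.textContent = alumno.nombre;`, keeping `innerHTML` only for the static `iconHtml`. The template's markup is not fully visible in this extract, so confirm which other fields are interpolated the same way.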