diff --git a/server/src/http/routes/admin/etablissement.controller.ts b/server/src/http/routes/admin/etablissement.controller.ts
index ea610fd343..0c98a8b2c7 100644
--- a/server/src/http/routes/admin/etablissement.controller.ts
+++ b/server/src/http/routes/admin/etablissement.controller.ts
@@ -18,7 +18,7 @@ export default (server: Server) => {
 onRequest: [server.auth(zRoutes.get["/admin/etablissements/siret-formateur/:siret"])],
 },
 async ({ params }, res) => {
- const etablissement = await Etablissement.findOne({ formateur_siret: params.siret })
+ const etablissement = await Etablissement.findOne({ formateur_siret: params.siret }).lean()
 if (!etablissement) {
 throw Boom.notFound()
@@ -38,7 +38,7 @@ export default (server: Server) => {
 onRequest: [server.auth(zRoutes.get["/admin/etablissements/:id"])],
 },
 async (req, res) => {
- const etablissement = await Etablissement.findById(req.params.id)
+ const etablissement = await Etablissement.findById(req.params.id).lean()
 if (!etablissement) {
 throw Boom.notFound()
diff --git a/server/src/http/routes/admin/formations.controller.ts b/server/src/http/routes/admin/formations.controller.ts
index 13e95ac06c..f8f3c8381c 100644
--- a/server/src/http/routes/admin/formations.controller.ts
+++ b/server/src/http/routes/admin/formations.controller.ts
@@ -1,3 +1,4 @@
+import Boom from "boom"
 import { zRoutes } from "shared/index"
 import { getCatalogueFormations } from "../../../services/catalogue.service"
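Review bot: Both `.lean()` calls in etablissement.controller.ts (the `findOne` in the first hunk and the `findById` in the second) return the stored document with no projection, so every persisted key travels into the response path. This same commit switches the 2xx schema of these two routes to `ZEtablissement.strict()`; if responses are validated against it, a stored key the schema does not declare (Mongoose's default `__v`, or a legacy field) would presumably be rejected rather than stripped, which is worth confirming with a test on a real document. Projecting at the query keeps the contract visible where the data is read, e.g. `Etablissement.findOne({ formateur_siret: params.siret }).select("-__v").lean()`. Both handlers continue outside their hunks, so how the result is sent is not visible here.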
@@ -19,12 +20,18 @@ export default (server: Server) => {
 async (req, res) => {
 const { search_item } = req.query
+ if (!search_item) {
+ throw Boom.badRequest("Invalid search_item.")
+ }
+
+ const searchItemDecoded = decodeURIComponent(search_item)
+
 const response = await getCatalogueFormations({
 $or: [
- { etablissement_formateur_siret: search_item },
- { etablissement_formateur_uai: search_item },
- { id_rco_formation: search_item },
- { cle_ministere_educatif: search_item },
+ { etablissement_formateur_siret: searchItemDecoded },
+ { etablissement_formateur_uai: searchItemDecoded },
+ { id_rco_formation: searchItemDecoded },
+ { cle_ministere_educatif: searchItemDecoded },
 ],
 })
diff --git a/shared/models/elligibleTraining.model.ts b/shared/models/elligibleTraining.model.ts
index 59ccdf6ce4..b969b2c3dc 100644
--- a/shared/models/elligibleTraining.model.ts
+++ b/shared/models/elligibleTraining.model.ts
@@ -14,7 +14,7 @@ export const ZEligibleTrainingsForAppointmentSchema = z
 etablissement_formateur_zip_code: ZEtablissement.shape.formateur_zip_code,
 training_code_formation_diplome: z.string(),
 lieu_formation_email: z.string().nullable(),
- is_lieu_formation_email_customized: z.boolean().nullable(),
+ is_lieu_formation_email_customized: z.boolean().nullish(),
 referrers: z.array(z.string()).default([]),
 rco_formation_id: z.string().nullable(),
 is_catalogue_published: z.boolean(),
diff --git a/shared/routes/eligibleTrainingsForAppointment.routes.ts b/shared/routes/eligibleTrainingsForAppointment.routes.ts
index d5d17d5834..09af3e3e08 100644
--- a/shared/routes/eligibleTrainingsForAppointment.routes.ts
+++ b/shared/routes/eligibleTrainingsForAppointment.routes.ts
@@ -17,7 +17,13 @@ export const zEligibleTrainingsForAppointmentRoutes = {
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ eligibleTrainingsForAppointment: [
+ {
+ etablissement_formateur_siret: { type: "params", key: "siret" },
+ },
+ ],
+ },
 },
 },
 },
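Review bot: `decodeURIComponent(search_item)` in the formations.controller.ts hunk throws `URIError` on a malformed percent sequence, and nothing in the visible handler catches it, so a badly encoded `search_item` likely surfaces as a 500 instead of the 400 the new guard intends. If the framework's query parser already percent-decodes `req.query`, this is also a second decode that alters any legitimate value containing `%`; confirm the client really double-encodes before keeping it. At minimum the decode should be wrapped and its failure mapped to `Boom.badRequest`, as sketched below. The handler starts and ends outside this hunk.

```typescript
const { search_item } = req.query
// … unchanged: empty search_item guard …
let searchItemDecoded: string
try {
  searchItemDecoded = decodeURIComponent(search_item)
} catch {
  // malformed percent-encoding is a client error, not a server fault
  throw Boom.badRequest("Invalid search_item.")
}
// … unchanged: getCatalogueFormations $or query …
```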
@@ -44,7 +50,13 @@ export const zEligibleTrainingsForAppointmentRoutes = {
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ eligibleTrainingsForAppointment: [
+ {
+ _id: { type: "params", key: "id" },
+ },
+ ],
+ },
 },
 },
 },
diff --git a/shared/routes/etablissement.routes.ts b/shared/routes/etablissement.routes.ts
index 69f22b4f31..ea29cdcfce 100644
--- a/shared/routes/etablissement.routes.ts
+++ b/shared/routes/etablissement.routes.ts
@@ -12,14 +12,18 @@ export const zEtablissementRoutes = {
 path: "/admin/etablissements/siret-formateur/:siret",
 params: z.object({ siret: extensions.siret }).strict(),
 response: {
- // TODO ANY TO BE FIXED
- "2xx": z.any(),
- // "2xx": ZEtablissement,
+ "2xx": ZEtablissement.strict(),
 },
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ eligibleTrainingsForAppointment: [
+ {
+ etablissement_formateur_siret: { type: "params", key: "siret" },
+ },
+ ],
+ },
 },
 },
 "/admin/etablissements/:id": {
@@ -27,14 +31,18 @@ export const zEtablissementRoutes = {
 path: "/admin/etablissements/:id",
 params: z.object({ id: zObjectId }).strict(),
 response: {
- // TODO ANY TO BE FIXED
- "2xx": z.any(),
- // "2xx": ZEtablissement,
+ "2xx": ZEtablissement.strict(),
 },
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ etablissement: [
+ {
+ _id: { type: "params", key: "id" },
+ },
+ ],
+ },
 },
 },
 "/etablissements/:id": {
@@ -127,7 +135,13 @@ export const zEtablissementRoutes = {
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ etablissement: [
+ {
+ _id: { type: "params", key: "id" },
+ },
+ ],
+ },
 },
 },
 "/etablissements/:id/appointments/:appointmentId": {
diff --git a/shared/routes/formations.routes.ts b/shared/routes/formations.routes.ts
index 9b57c39481..681c0bf6e2 100644
--- a/shared/routes/formations.routes.ts
+++ b/shared/routes/formations.routes.ts
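Review bot: The `ressources` block added for `/admin/etablissements/siret-formateur/:siret` (first etablissement.routes.ts hunk) declares an `eligibleTrainingsForAppointment` resource keyed by `etablissement_formateur_siret`, while the handler changed in this same commit reads `Etablissement.findOne({ formateur_siret: params.siret })` and the response is `ZEtablissement`. The access check would therefore be resolved against a different collection than the one whose document is returned, unlike the `/admin/etablissements/:id` hunk just below, which declares `etablissement`. Since the `etablissement` resource type added in permissions.ts only accepts `_id`, consider adding a `{ formateur_siret: AccessResourcePath }` variant there and declaring `etablissement: [{ formateur_siret: { type: "params", key: "siret" } }]` here. How the resolver treats an admin session for these keys is not visible in the diff, so the practical impact should be confirmed against the authorisation code.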
@@ -15,7 +15,13 @@ export const zFormationRoute = {
 securityScheme: {
 auth: "cookie-session",
 access: "admin",
- ressources: {},
+ ressources: {
+ formationCatalogue: [
+ {
+ cle_ministere_educatif: { type: "query", key: "search_item" },
+ },
+ ],
+ },
 },
 },
 },
diff --git a/shared/security/permissions.ts b/shared/security/permissions.ts
index 519739dfad..a4ae1d9f7b 100644
--- a/shared/security/permissions.ts
+++ b/shared/security/permissions.ts
@@ -50,6 +50,20 @@ export type AccessRessouces = {
 opco: AccessResourcePath
 }
 >
+ eligibleTrainingsForAppointment?: ReadonlyArray<
+ | {
+ _id: AccessResourcePath
+ }
+ | {
+ etablissement_formateur_siret: AccessResourcePath
+ }
+ >
+ etablissement?: ReadonlyArray<{
+ _id: AccessResourcePath
+ }>
+ formationCatalogue?: ReadonlyArray<{
+ cle_ministere_educatif: AccessResourcePath
+ }>
 job?: ReadonlyArray<{
 _id: AccessResourcePath
 }>
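Review bot: The new `formationCatalogue` entry in formations.routes.ts binds `search_item` to `cle_ministere_educatif` only, but the handler in formations.controller.ts matches the same value with `$or` against `etablissement_formateur_siret`, `etablissement_formateur_uai`, `id_rco_formation` and `cle_ministere_educatif`, and does so after `decodeURIComponent`. The declaration therefore describes a narrower, and differently encoded, lookup than the one executed, so whatever the authorisation layer resolves from it may not be the set of formations actually returned. Either restrict the query to the declared key or state why the single-key declaration is sufficient, for example `// admin-only search: handler also matches siret, uai and rco id; resource entry covers cle_ministere_educatif only`. The route definition starts and ends outside this hunk.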
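Review bot: The three members added to `AccessRessouces` in permissions.ts (`eligibleTrainingsForAppointment`, `etablissement`, `formationCatalogue`) are type declarations only, and no code that resolves them appears anywhere in this diff. If the server-side authorisation code already handles these keys this is fine; if it does not, the route declarations added in this commit depend on that code failing closed for a key it does not know, which a test should pin down. A doc comment on each member would make the coupling explicit, for instance `/** Every key declared here needs a matching resolver in the authorisation service. */`. The type body starts and ends outside this hunk.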