Question about role ADMIN

[pinootto]

Is it correct the following configuration in the file applicationContext.xml?

<sec:http pattern="/admin/**" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>
<sec:http pattern="/action/user" create-session="never">
    <sec:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:http>

The pattern="/admin/**" is associated with ROLE_USER. Is it correct? or should it be associated with ROLE_ADMIN?

[garyhellman]

I tried switching "/admin/**" to ROLE_ADMIN - then login required "jimi"(ROLE_ADMIN) - "bob"(ROLE_USER) would not authenticate.
However, after jimi logged out, bob could login (with just ROLE_USER) and then also have access to admin screen.