diff --git a/htdocs/opensurvey/wizard/choix_autre.php b/htdocs/opensurvey/wizard/choix_autre.php
index fb869d65c69..302cbfccf6a 100644
--- a/htdocs/opensurvey/wizard/choix_autre.php
+++ b/htdocs/opensurvey/wizard/choix_autre.php
@@ -27,6 +27,9 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 /*
  * Action
  */
diff --git a/htdocs/opensurvey/wizard/choix_date.php b/htdocs/opensurvey/wizard/choix_date.php
index 606b1ecf873..25f6ddc2453 100644
--- a/htdocs/opensurvey/wizard/choix_date.php
+++ b/htdocs/opensurvey/wizard/choix_date.php
@@ -27,6 +27,9 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 //le format du sondage est DATE
 $_SESSION["formatsondage"] = "D";
 
diff --git a/htdocs/opensurvey/wizard/create_survey.php b/htdocs/opensurvey/wizard/create_survey.php
index cad66b34d4a..a8169d9d5da 100644
--- a/htdocs/opensurvey/wizard/create_survey.php
+++ b/htdocs/opensurvey/wizard/create_survey.php
@@ -27,8 +27,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 // On teste toutes les variables pour supprimer l'ensemble des warnings PHP
 // On transforme en entites html les données afin éviter les failles XSS
diff --git a/htdocs/opensurvey/wizard/index.php b/htdocs/opensurvey/wizard/index.php
index 6bb6403ff72..fab1a86320d 100644
--- a/htdocs/opensurvey/wizard/index.php
+++ b/htdocs/opensurvey/wizard/index.php
@@ -28,8 +28,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 /*
  * View