diff --git a/htdocs/takepos/admin/printqr.php b/htdocs/takepos/admin/printqr.php
index 1348a905608..d459fedf58f 100644
--- a/htdocs/takepos/admin/printqr.php
+++ b/htdocs/takepos/admin/printqr.php
@@ -23,6 +23,9 @@
 
 require '../../main.inc.php';
 
+// Security check
+if (!$user->admin) accessforbidden();
+
 $langs->load("cashdesk");
 
 $id = GETPOST('id', 'int');