diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index ffde78779a0eb282a9018da2bcba84b1ae0a0d69..a949353b69bc93962ef1839acce6752a8297b712 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -78,7 +78,7 @@ security:
         - { path: ^/modele-analyse, roles: ROLE_ADMIN }
         - { path: ^/mesure-protection, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/creer$, roles: ROLE_ADMIN }
-        - { path: ^/espace-documentaire/telecharger, roles: ROLE_USER }
+        - { path: ^/espace-documentaire/telecharger, roles: ROLE_PREVIEW }
         - { path: ^/espace-documentaire/modifier/.+$, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/supprimer/.+$, roles: ROLE_ADMIN }
         - { path: ^/espace-documentaire/categorie, roles: ROLE_ADMIN }
diff --git a/src/Domain/Documentation/Controller/DocumentController.php b/src/Domain/Documentation/Controller/DocumentController.php
index 162c0692519f391b7ef0042bd8ecd1e7c8fa0985..631a8d4659afdf1f03277836760d64b7e39202e4 100644
--- a/src/Domain/Documentation/Controller/DocumentController.php
+++ b/src/Domain/Documentation/Controller/DocumentController.php
@@ -305,10 +305,6 @@ class DocumentController extends CRUDController
         if (!$doc) {
             throw new NotFoundHttpException('Document introuvable');
         }
-        // check if user is creator or admin
-        if (!$this->authorizationChecker->isGranted('ROLE_ADMIN') && $this->userProvider->getAuthenticatedUser() !== $doc->getCreator()) {
-            throw new NotFoundHttpException('Document introuvable');
-        }
 
         if ($doc->getIsLink()) {
             return $this->redirect($doc->getUrl());