diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index 3e742c3e22..d62c68dc82 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -1043,6 +1043,9 @@ def has_email_account(email: str):
 
 @frappe.whitelist(allow_guest=False)
 def get_email_awaiting(user: str):
+	if user != frappe.session.user:
+		frappe.has_permission("User", "read", doc=user, throw=True)
+
 	return frappe.get_all(
 		"User Email",
 		fields=["email_account", "email_id"],