diff --git a/frappe/desk/form/document_follow.py b/frappe/desk/form/document_follow.py
index 39f5f1530e..92e8207f07 100644
--- a/frappe/desk/form/document_follow.py
+++ b/frappe/desk/form/document_follow.py
@@ -58,6 +58,9 @@ def follow_document(doctype: str, doc_name: str, user: str) -> Document | bool:
 		frappe.toast(_("Administrator can't follow"))
 		return False
 
+	if user != frappe.session.user and not frappe.has_permission("Document Follow", "write"):
+		frappe.throw(_("You can only follow documents for yourself."), frappe.PermissionError)
+
 	if not frappe.db.get_value("User", user, "document_follow_notify", ignore=True, cache=True):
 		frappe.toast(_("Document follow is not enabled for this user."))
 		return False
@@ -74,6 +77,9 @@ def follow_document(doctype: str, doc_name: str, user: str) -> Document | bool:
 
 @frappe.whitelist()
 def unfollow_document(doctype: str, doc_name: str, user: str) -> bool:
+	if user != frappe.session.user and not frappe.has_permission("Document Follow", "write"):
+		frappe.throw(_("You can only unfollow documents for yourself."), frappe.PermissionError)
+
 	doc = frappe.get_all(
 		"Document Follow",
 		filters={"ref_doctype": doctype, "ref_docname": doc_name, "user": user},