diff --git a/application/Espo/Controllers/EmailAddress.php b/application/Espo/Controllers/EmailAddress.php
index dde3bc1696..1f0d92cb39 100644
--- a/application/Espo/Controllers/EmailAddress.php
+++ b/application/Espo/Controllers/EmailAddress.php
@@ -38,6 +38,9 @@ class EmailAddress extends \Espo\Core\Controllers\Record
 if (!$this->getAcl()->checkScope('Email')) {
 throw new Forbidden();
 }
+ if (!$this->getAcl()->checkScope('Email', 'create')) {
+ throw new Forbidden();
+ }
 $q = $request->get('q');
 $limit = intval($request->get('limit'));
 if (empty($limit) || $limit > 30) {
diff --git a/application/Espo/Services/EmailAddress.php b/application/Espo/Services/EmailAddress.php
index 47048d5f44..93b7dadb21 100644
--- a/application/Espo/Services/EmailAddress.php
+++ b/application/Espo/Services/EmailAddress.php
@@ -58,7 +58,9 @@ class EmailAddress extends Record
 'limit' => $limit
 );
- $this->getSelectManagerFactory()->create($entityType)->manageAccess($searchParams);
+ $selectManager = $this->getSelectManagerFactory()->create($entityType);
+
+ $selectManager->applyAccess($searchParams);
 $collection = $this->getEntityManager()->getRepository($entityType)->find($searchParams);
@@ -91,13 +93,15 @@ class EmailAddress extends Record
 protected function findInInboundEmail($query, $limit, &$result)
 {
 $pdo = $this->getEntityManager()->getPDO();
- $qu = $this->getEntityManager()->getQuery()->createSelectQuery('InboundEmail', [
+
+ $selectParams = [
 'select' => ['id', 'name', 'emailAddress'],
 'whereClause' => [
 'emailAddress*' => $query . '%'
 ],
 'orderBy' => 'name',
- ]);
+ ];
+ $qu = $this->getEntityManager()->getQuery()->createSelectQuery('InboundEmail', $selectParams);
 $sth = $pdo->prepare($qu);
 $sth->execute();
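Review bot: The new `checkScope('Email', 'create')` guard is added directly after the existing `checkScope('Email')` guard, so the action now throws the same bare `Forbidden` from two adjacent conditions; if the action-level check already implies scope access (which this ACL API appears to do, though nothing in the hunk shows it), the first block is redundant and the two can be collapsed into the single action-level check. Either way the reason for gating an address lookup on Email *create* permission is not stated anywhere; a one-line comment such as `// Address lookup only serves the compose form, so require permission to create emails` would record the intent for the next reader. The enclosing action method starts above the hunk.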
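Review bot: `$selectManager` is assigned and then used exactly once, with a blank line between the two statements, so the split buys no clarity over the original chained call; either inline it back to `$this->getSelectManagerFactory()->create($entityType)->applyAccess($searchParams);` or, if the variable is kept because it will be reused, drop the blank line. Since the return value of `applyAccess()` is discarded, it presumably modifies `$searchParams` in place to restrict the search to records the current user may read, but nothing in the hunk shows that side effect; a short comment such as `// applyAccess() narrows $searchParams in place to what the current user may access` would make it explicit. The enclosing method starts and ends outside the hunk.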
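Review bot: The extracted `$selectParams` still carries no `'limit'` key, so the `$limit` parameter of `findInInboundEmail` is never applied to the statement that reaches `execute()`; unless the loop that follows (outside the hunk) stops at `$limit`, the query fetches every matching InboundEmail row, and adding `'limit' => $limit,` to `$selectParams` would bound it at the database. Also, `$query` originates from the request and is concatenated into the `emailAddress*` pattern unchanged, so a `%` or `_` in it acts as a LIKE wildcard and a lone `%` matches every address; escaping it for LIKE before the `'%'` suffix is appended (e.g. `addcslashes($query, '%_\\')`, adjusted to the escape character the database uses) keeps the prefix semantics the code intends. Whether the query builder binds the value safely is not visible here, so this is about result breadth rather than injection. The method's body continues past the hunk.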