diff --git a/src/Bundle/ChillPersonBundle/Controller/PersonController.php b/src/Bundle/ChillPersonBundle/Controller/PersonController.php
index a4a29216c..9ea33f7e6 100644
--- a/src/Bundle/ChillPersonBundle/Controller/PersonController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/PersonController.php
@@ -11,6 +11,7 @@ declare(strict_types=1);
 namespace Chill\PersonBundle\Controller;
+use Chill\MainBundle\Security\Authorization\AuthorizationHelperInterface;
 use Chill\PersonBundle\Config\ConfigPersonAltNamesHelper;
 use Chill\PersonBundle\Entity\Household\Household;
 use Chill\PersonBundle\Entity\Household\HouseholdMember;
@@ -20,6 +21,7 @@ use Chill\PersonBundle\Form\PersonType;
 use Chill\PersonBundle\Privacy\PrivacyEvent;
 use Chill\PersonBundle\Repository\PersonRepository;
 use Chill\PersonBundle\Search\SimilarPersonMatcher;
+use Chill\PersonBundle\Security\Authorization\PersonVoter;
 use DateTimeImmutable;
 use Doctrine\ORM\EntityManagerInterface;
 use Psr\Log\LoggerInterface;
@@ -44,6 +46,8 @@ use function is_array;
 final class PersonController extends AbstractController
 {
+ private AuthorizationHelperInterface $authorizationHelper;
+
 /**
 * @var ConfigPersonAltNamesHelper
 */
@@ -85,6 +89,7 @@ final class PersonController extends AbstractController
 private $validator;
 public function __construct(
+ AuthorizationHelperInterface $authorizationHelper,
 SimilarPersonMatcher $similarPersonMatcher,
 TranslatorInterface $translator,
 EventDispatcherInterface $eventDispatcher,
@@ -95,6 +100,7 @@ final class PersonController extends AbstractController
 EntityManagerInterface $em,
 Security $security
 ) {
+ $this->authorizationHelper = $authorizationHelper;
 $this->similarPersonMatcher = $similarPersonMatcher;
 $this->translator = $translator;
 $this->eventDispatcher = $eventDispatcher;
@@ -211,15 +217,10 @@ final class PersonController extends AbstractController
 {
 $person = new Person();
- if (
- 1 === count($this->security->getUser()
- ->getGroupCenters())
- ) {
- $person->setCenter(
- $this->security->getUser()
- ->getGroupCenters()[0]
- ->getCenter()
- );
+ $centers = $this->authorizationHelper->getReachableCenters($this->getUser(), PersonVoter::CREATE);
+
+ if (1 === count($centers)) {
+ $person->setCenter($centers[0]);
 }
 $form = $this->createForm(CreationPersonType::class, $person)
@@ -246,6 +247,8 @@ final class PersonController extends AbstractController
 false === $this->isLastPostDataChanges($form, $request, true) ||
 count($alternatePersons) === 0
 ) {
+ $this->denyAccessUnlessGranted(PersonVoter::CREATE, $person);
+
 $this->em->persist($person);
 $this->em->flush();
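Review bot: `$person->setCenter($centers[0])` assumes getReachableCenters() returns a zero-indexed list; if that helper ever hands back an array with preserved keys (after a filter or de-duplication, say), index 0 may be undefined and the single-centre preselection silently does nothing. The helper is not visible here, so either confirm its contract or read the element position-independently, `$person->setCenter(reset($centers));`. A one-line comment would also help the next reader, e.g. `// Preselect the centre only when exactly one is reachable with CREATE; otherwise the form presumably lets the user choose.` The enclosing action starts before this hunk and continues past it.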
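Review bot: `$this->denyAccessUnlessGranted(PersonVoter::CREATE, $person)` is reached only after the form was submitted and the duplicate check passed, so a user with no CREATE right on any centre can still load and submit the creation form and only receives a 403 at the persist step. Failing fast at the top of the action keeps the voter as the backstop rather than the only gate, for instance right after the `$centers` lookup of the previous hunk: `if ([] === $centers) { throw $this->createAccessDeniedException('No centre allows creating a person'); }`. Evaluating the voter against the centre bound from the form is the right object to check, but it presumes CreationPersonType restricts its centre choices to the reachable centres, which is not visible here and worth confirming. The if-block opens inside this hunk and the action continues beyond it.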