diff --git a/app/controllers/backoffice/dossiers_controller.rb b/app/controllers/backoffice/dossiers_controller.rb
index 4a27784ad..1c421a6de 100644
--- a/app/controllers/backoffice/dossiers_controller.rb
+++ b/app/controllers/backoffice/dossiers_controller.rb
@@ -1,6 +1,8 @@
 class Backoffice::DossiersController < Backoffice::DossiersListController
   respond_to :html, :xlsx, :ods, :csv
+  before_action :ensure_gestionnaire_is_authorized, only: :show
+
   def index
     procedure = current_gestionnaire.procedure_filter
@@ -185,6 +187,14 @@ class Backoffice::DossiersController < Backoffice::DossiersListController
   private
+  def ensure_gestionnaire_is_authorized
+    current_gestionnaire.dossiers.find(params[:id])
+
+  rescue ActiveRecord::RecordNotFound
+    flash.alert = t('errors.messages.dossier_not_found')
+    redirect_to url_for(controller: '/backoffice')
+  end
+
   def create_dossier_facade dossier_id
     @facade = DossierFacades.new dossier_id, current_gestionnaire.email
diff --git a/spec/features/backoffice/add_commentaire_spec.rb b/spec/features/backoffice/add_commentaire_spec.rb
index 723f2e416..4a02c93c8 100644
--- a/spec/features/backoffice/add_commentaire_spec.rb
+++ b/spec/features/backoffice/add_commentaire_spec.rb
@@ -1,7 +1,8 @@
 require 'spec_helper'
 feature 'add commentaire on backoffice' do
-  let(:dossier) { create(:dossier, :with_entreprise) }
+  let(:procedure) { create(:procedure) }
+  let(:dossier) { create(:dossier, :with_entreprise, procedure: procedure, state: 'updated') }
   let(:dossier_id) { dossier.id }
   let!(:commentaire) { create(:commentaire, dossier: dossier, email: 'toto@toto.com') }
   let(:email_commentaire) { 'test@test.com' }
@@ -10,6 +11,7 @@ feature 'add commentaire on backoffice' do
   let(:body) { 'Commentaire de test' }
   before do
+    create :assign_to, gestionnaire: gestionnaire, procedure: procedure
     login_as gestionnaire, scope: :gestionnaire
     visit backoffice_dossier_path(dossier)
   end
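Review bot: The new `ensure_gestionnaire_is_authorized` filter is registered with `only: :show`, so any other member action of this controller that resolves `params[:id]` (the callers of `create_dossier_facade dossier_id`, which sit outside the hunk, as does the rest of the class body) still reaches a dossier without this ownership check unless it scopes the lookup itself. A deny-by-default registration is safer, `before_action :ensure_gestionnaire_is_authorized, except: :index` (or an explicit list of every id-taking action), so that a newly added action is covered automatically. The looked-up record is also discarded; writing `@dossier = current_gestionnaire.dossiers.find(params[:id])` would let `show` reuse the already-authorized record instead of re-resolving the id. The specs had to add `state: 'updated'` to their fixtures, which suggests `current_gestionnaire.dossiers` also filters on state, so a dossier the gestionnaire is assigned to but in an excluded state would be reported as not found — worth confirming that is intended for this check. The single "not found or no access" message is a good choice, as it does not reveal whether a given dossier id exists.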
diff --git a/spec/features/backoffice/flux_de_commentaires_spec.rb b/spec/features/backoffice/flux_de_commentaires_spec.rb
index cb01618cd..f2eef84f0 100644
--- a/spec/features/backoffice/flux_de_commentaires_spec.rb
+++ b/spec/features/backoffice/flux_de_commentaires_spec.rb
@@ -1,12 +1,13 @@
 require 'spec_helper'
 feature 'backoffice: flux de commentaires' do
+  let(:procedure) { create(:procedure) }
   let(:gestionnaire) { create(:gestionnaire) }
-  let(:dossier) { create(:dossier, :with_entreprise) }
+  let(:dossier) { create(:dossier, :with_entreprise, procedure: procedure, state: 'updated') }
   let(:dossier_id) { dossier.id }
-  let(:champ1) { dossier.champs.first }
-  let(:champ2) { create(:champ, dossier: dossier, type_de_champ: create(:type_de_champ_public, libelle: "subtitle")) }
+  let(:champ1) { create(:champ, dossier: dossier, type_de_champ: create(:type_de_champ_public, libelle: "subtitle1")) }
+  let(:champ2) { create(:champ, dossier: dossier, type_de_champ: create(:type_de_champ_public, libelle: "subtitle2")) }
   let!(:commentaire1) { create(:commentaire, dossier: dossier, champ: champ1) }
   let!(:commentaire2) { create(:commentaire, dossier: dossier) }
@@ -14,6 +15,7 @@ feature 'backoffice: flux de commentaires' do
   let!(:commentaire4) { create(:commentaire, dossier: dossier, champ: champ1) }
   before do
+    create :assign_to, gestionnaire: gestionnaire, procedure: procedure
     login_as gestionnaire, scope: :gestionnaire
     visit backoffice_dossier_path(dossier)
   end
diff --git a/spec/features/backoffice/navigate_to_dossier_spec.rb b/spec/features/backoffice/navigate_to_dossier_spec.rb
index b9c2222fa..8dcd90533 100644
--- a/spec/features/backoffice/navigate_to_dossier_spec.rb
+++ b/spec/features/backoffice/navigate_to_dossier_spec.rb
@@ -32,6 +32,18 @@ feature 'on backoffice page', js: true do
         expect(page).to have_css('#backoffice-dossier-show')
       end
     end
+
+    context "and goes to the page of a dossier he hasn't access to" do
+      let!(:unauthorized_dossier) { create(:dossier, :with_entreprise, state: 'updated') }
+
+      before do
+        visit backoffice_dossier_path(unauthorized_dossier)
+      end
+
+      scenario "it shows an error message" do
+        expect(page).to have_content("Le dossier n'existe pas ou vous n'y avez pas accès.")
+      end
+    end
   end
   context 'when gestionnaire have enterprise and individual dossier in his inbox', js: true do
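Review bot: The new scenario only asserts the flash text, so it would still pass if a later change kept the message but also rendered the unauthorized dossier (for instance if the check moved out of a halting `before_action` into the action body). Pin the denial itself by adding `expect(page).not_to have_css('#backoffice-dossier-show')` next to the content check, reusing the selector the positive scenario just above relies on, and ideally assert the redirect target as well. Note that `unauthorized_dossier` relies on the factory not attaching the gestionnaire's procedure; stating that explicitly with a separate `create(:procedure)` would keep the scenario meaningful if the factory default changes.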