diff --git a/include/client/view.inc.php b/include/client/view.inc.php
index f326e2f29a4a759cb1fb7f4b968593f050bdd301..02e72f4b0d60caee5d13a6b6fa8a4d3481cbd047 100644
--- a/include/client/view.inc.php
+++ b/include/client/view.inc.php
@@ -26,7 +26,9 @@ if ($thisclient && $thisclient->isGuest()
             <h1>
                 Ticket #<?php echo $ticket->getNumber(); ?> &nbsp;
                 <a href="tickets.php?id=<?php echo $ticket->getId(); ?>" title="Reload"><span class="Icon refresh">&nbsp;</span></a>
-<?php if ($cfg->allowClientUpdates()) { ?>
+<?php if ($cfg->allowClientUpdates()
+        // Only ticket owners can edit the ticket details (and other forms)
+        && $thisclient->getId() == $ticket->getUserId()) { ?>
                 <a class="action-button" href="tickets.php?a=edit&id=<?php
                      echo $ticket->getId(); ?>"><i class="icon-edit"></i> Edit</a>
 <?php } ?>
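Review bot: The added owner test next to `allowClientUpdates()` dereferences `$thisclient` without a guard, while the hunk header's context (`if ($thisclient && $thisclient->isGuest()`) suggests it can be empty on this page. It also uses loose `==`, so two empty ids (`null`, `0`, `''`) would compare equal and the Edit button would be shown. Whether either getter can return an empty value is not visible here, but a defensive form costs little: `&& $thisclient && $thisclient->getId() && $thisclient->getId() == $ticket->getUserId()`. The same loose comparison (`!=`) appears in the `case 'edit':` check in tickets.php, where an empty-equals-empty match would pass the ownership test rather than just show a button. This template change only hides the link, so the tickets.php check is the one that has to hold.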
diff --git a/tickets.php b/tickets.php
index 9561da31dd62bd7ecbccb4f4b83326845b279e3f..0d675aa88c9075fcbc872e0fdf006161fcd68e96 100644
--- a/tickets.php
+++ b/tickets.php
@@ -40,7 +40,8 @@ if($_POST && is_object($ticket) && $ticket->getId()):
     $errors=array();
     switch(strtolower($_POST['a'])){
     case 'edit':
-        if(!$ticket->checkUserAccess($thisclient)) //double check perm again!
+        if(!$ticket->checkUserAccess($thisclient) //double check perm again!
+                || $thisclient->getId() != $ticket->getUserId())
             $errors['err']='Access Denied. Possibly invalid ticket ID';
         elseif (!$cfg || !$cfg->allowClientUpdates())
             $errors['err']='Access Denied. Client updates are currently disabled';
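Review bot: The `//double check perm again!` comment now sits in the middle of the condition and describes only `checkUserAccess()`, so the new clause after `||`, which is the actual authorization rule for edits, is undocumented. Move the explanation above the `if`, for example `// Editing requires both access to the ticket and ownership of it; access alone is not enough.` The message `'Access Denied. Possibly invalid ticket ID'` is also now returned to a user who passed `checkUserAccess()` on a valid ticket but is not its owner, which is misleading when triaging access-denied reports. Only the POST `edit` case is guarded in this hunk; the switch continues outside it, and whatever renders the edit form for `tickets.php?a=edit` is not visible, so confirm that path applies the same owner check.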