diff --git a/apps/participation/tests.py b/apps/participation/tests.py
index 1836e2a..9cdecfb 100644
--- a/apps/participation/tests.py
+++ b/apps/participation/tests.py
@@ -439,6 +439,36 @@ class TestStudentParticipation(TestCase):
         response = self.client.get(reverse("participation:participation_detail", args=(self.team.participation.pk,)))
         self.assertEqual(response.status_code, 200)
 
+    def test_forbidden_access(self):
+        """
+        Load personnal pages and ensure that these are protected.
+        """
+        self.user.registration.team = self.team
+        self.user.registration.save()
+
+        resp = self.client.get(reverse("participation:team_detail", args=(self.second_team.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:update_team", args=(self.second_team.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:team_authorizations", args=(self.second_team.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:participation_detail", args=(self.second_team.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:upload_video",
+                                       args=(self.second_team.participation.solution.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:upload_video",
+                                       args=(self.second_team.participation.synthesis.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:add_question", args=(self.second_team.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        question = Question.objects.create(participation=self.second_team.participation,
+                                           question=self.question.question)
+        resp = self.client.get(reverse("participation:update_question", args=(question.pk,)))
+        self.assertEqual(resp.status_code, 403)
+        resp = self.client.get(reverse("participation:delete_question", args=(question.pk,)))
+        self.assertEqual(resp.status_code, 403)
+
 
 class TestAdminForbidden(TestCase):
     def setUp(self) -> None:
diff --git a/apps/participation/views.py b/apps/participation/views.py
index 064c25a..3098a06 100644
--- a/apps/participation/views.py
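Review bot: The `participation_detail` request in `test_forbidden_access` passes `self.second_team.pk`, whereas the preceding 200-check resolves the same route with a participation pk (`self.team.participation.pk`), so the 403 asserted there may be produced by a mismatched lookup rather than by the ownership check; `args=(self.second_team.participation.pk,)` would test the intended object. The test also sets `self.user.registration.team = self.team` before every request, so the `registration.team` being unset path that the views.py change in this same commit guards is never exercised; a second case that leaves the team unassigned and expects 403 on `participation:update_team` would pin that fix. Nit: the docstring misspells "personal"; `Load personal pages and ensure that these are protected.`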
+++ b/apps/participation/views.py
@@ -241,7 +241,9 @@ class TeamUpdateView(LoginRequiredMixin, UpdateView):
 
     def dispatch(self, request, *args, **kwargs):
         user = request.user
-        if user.registration.is_admin or user.registration.participates and user.registration.team.pk == kwargs["pk"]:
+        if user.registration.is_admin or user.registration.participates and \
+                user.registration.team and \
+                user.registration.team.pk == kwargs["pk"]:
             return super().dispatch(request, *args, **kwargs)
         raise PermissionDenied
 
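Review bot: The new condition in `TeamUpdateView.dispatch` mixes `or` and `and` across three backslash-continued terms and relies on precedence to mean "admin, or a participant whose own team is the one being edited"; for an authorization check that intent should be explicit, `if user.registration.is_admin or (user.registration.participates and user.registration.team and user.registration.team.pk == kwargs["pk"]):`. The comparison `user.registration.team.pk == kwargs["pk"]` depends on the URL converter delivering an int; if that route is regex-based the kwarg is a str and the test is always False, which would deny even the owner — confirm against the URL configuration, which is not visible here. The tests added in this commit request `team_detail`, `team_authorizations` and `add_question` for the same scenario but those views are not changed here; if they dereference `registration.team.pk` the same way this one did, a user without a team would still get an AttributeError (500) rather than 403 there, which is worth checking.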