diff --git a/interface/main/onotes/office_comments.php b/interface/main/onotes/office_comments.php
index 932fab663c4..67b617ebb53 100644
--- a/interface/main/onotes/office_comments.php
+++ b/interface/main/onotes/office_comments.php
@@ -12,9 +12,16 @@
 require_once("../../globals.php");
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Core\Header;
 use OpenEMR\Services\ONoteService;
+// Control access
+if (!AclMain::aclCheckCore('encounters', 'notes')) {
+ echo xlt('Not Authorized');
+ exit;
+}
+
 //display all of the notes for the day, as well as others that are active from previous dates, up to a certain number, $N
 $N = 10;
diff --git a/interface/main/onotes/office_comments_full.php b/interface/main/onotes/office_comments_full.php
index 61509219030..f4d38aef946 100644
--- a/interface/main/onotes/office_comments_full.php
+++ b/interface/main/onotes/office_comments_full.php
@@ -12,10 +12,17 @@
 require_once("../../globals.php");
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Core\Header;
 use OpenEMR\Services\ONoteService;
+// Control access
+if (!AclMain::aclCheckCore('encounters', 'notes')) {
+ echo xlt('Not Authorized');
+ exit;
+}
+
 $oNoteService = new ONoteService();
 //the number of records to display per screen
diff --git a/interface/modules/zend_modules/module/Installer/view/installer/installer/index.phtml b/interface/modules/zend_modules/module/Installer/view/installer/installer/index.phtml
index 1a172d46e8b..c2927522a6f 100644
--- a/interface/modules/zend_modules/module/Installer/view/installer/installer/index.phtml
+++ b/interface/modules/zend_modules/module/Installer/view/installer/installer/index.phtml
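Review bot: The denial branch added to office_comments.php prints 'Not Authorized' and exits with the default 200 status, so proxies, monitoring and scripted callers cannot tell a refusal from a rendered page. Set the status before the message by adding `http_response_code(403);` ahead of `echo xlt('Not Authorized');`. The same branch is repeated in office_comments_full.php, the Installer index.phtml view and audit_log_tamper_report.php, and each would take the same line. The rest of the script continues outside the hunk.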
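Review bot: In office_comments_full.php the new guard only asks whether the user holds `encounters`/`notes` at all, while the `CsrfUtils` import suggests this page also accepts form posts that add or change office notes; that handling lies outside the hunk, so this is inferred. If the page does write, the write path should require a write-level return value, for example `AclMain::aclCheckCore('encounters', 'notes', '', 'write')`, rather than rely on the page-level check alone. A short comment on the guard such as `// Page-level read check for office notes; write handling must check write access itself` would make the intended scope explicit.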
@@ -12,6 +12,12 @@
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */
+// Control access
+if (!OpenEMR\Common\Acl\AclMain::aclCheckCore('admin', 'manage_modules')) {
+ echo xlt('Not Authorized');
+ exit;
+}
+
 echo $this->headScript()->appendFile(
 $this->basePath() . '/js/installer/action.js?v=' . $GLOBALS['v_js_includes'],
 'text/javascript'
diff --git a/interface/reports/audit_log_tamper_report.php b/interface/reports/audit_log_tamper_report.php
index 76c7801d420..0961bfa973b 100644
--- a/interface/reports/audit_log_tamper_report.php
+++ b/interface/reports/audit_log_tamper_report.php
@@ -14,11 +14,18 @@
 require_once("../globals.php");
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Crypto\CryptoGen;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Common\Logging\EventAuditLogger;
 use OpenEMR\Core\Header;
+// Control access
+if (!AclMain::aclCheckCore('admin', 'super')) {
+ echo xlt('Not Authorized');
+ exit;
+}
+
 if (!empty($_GET)) {
 if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
 CsrfUtils::csrfNotVerified();
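Review bot: Placing the `admin`/`manage_modules` check in the index.phtml view guards only the rendering of this one template; the Installer controller action has already run by the time the view executes, and any other actions on that controller (not visible in this diff) are not covered by it. The check belongs in the controller or the module's dispatch handling, with the view check kept at most as defence in depth. Calling `exit` inside a view also cuts the framework's response handling short. If the view guard stays after the controller enforces the ACL, a comment such as `// Defence in depth only; enforcement lives in the Installer controller` would stop later readers from treating the template as the enforcement point.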
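Review bot: A refused request for audit_log_tamper_report.php leaves no trace, because the new branch echoes and exits without recording who asked for the audit-integrity report. `EventAuditLogger` is already imported in this file, so the branch could record a failed event before `exit;`, along the lines of `EventAuditLogger::instance()->newEvent(<event>, <user>, <group>, 0, 'audit log tamper report: not authorized');` with the placeholders filled from the project's event names and session values. The same gap exists in the other three guards in this commit, but it matters most here, since repeated denied requests for this page are something a log reviewer would want to see. The rest of the script, including the CSRF handling that follows, continues outside the hunk.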