diff --git a/code/SecurityAdmin.php b/code/SecurityAdmin.php
index 8d079b079..4ac1d1db4 100755
--- a/code/SecurityAdmin.php
+++ b/code/SecurityAdmin.php
@@ -3,6 +3,7 @@
 namespace SilverStripe\Admin;
 
 use SilverStripe\CMS\Controllers\CMSMain;
+use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Forms\Form;
 use SilverStripe\Forms\GridField\GridFieldConfig;
 use SilverStripe\Forms\GridField\GridFieldImportButton;
@@ -86,6 +87,10 @@ public function getManagedModels()
      */
     public function ImportForm()
     {
+        // Limit import to admin since the import logic can affect assigned permissions
+        if (!Permission::check('ADMIN')) {
+            return false;
+        }
         $form = parent::ImportForm();
         if (!$form) {
             return $form;
@@ -113,6 +118,15 @@ public function ImportForm()
         return $form;
     }
 
+    public function import(array $data, Form $form): HTTPResponse
+    {
+        // Limit import to admin since the import logic can affect assigned permissions
+        if (!Permission::check('ADMIN')) {
+            $this->httpError(403);
+        }
+        return parent::import($data, $form);
+    }
+
     protected function getGridFieldConfig(): GridFieldConfig
     {
         $config = parent::getGridFieldConfig();
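Review bot: The ADMIN gate added at the top of ImportForm() is the same condition and the same comment that the new import() method below repeats, so the authorisation rule now lives in two places that can drift apart. Both call sites would be clearer reading a single private helper, e.g. `private function canImport(): bool { return (bool) Permission::check('ADMIN'); }`, with `if (!$this->canImport()) { return false; }` here and the matching check in import(). The guard in ImportForm() only hides the form; it is the server-side check in import() that actually enforces the restriction, which is worth a one-line comment here so a later reader does not treat this branch as the security boundary. ImportForm()'s body continues outside the hunk.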
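Review bot: In the new import() method, control falls straight through from `$this->httpError(403);` to `return parent::import($data, $form);`, and the code only stays safe because RequestHandler::httpError() throws an HTTPResponse_Exception rather than returning; nothing in the method makes that dependency visible. Add a comment on the call, e.g. `// httpError() throws HTTPResponse_Exception, so parent::import() is never reached for non-admins`, so that a future change to a non-throwing error helper does not silently let the import proceed. The declared `: HTTPResponse` return type presumably matches the parent's signature; if parent::import() can still return a non-response value in this branch of the framework, the declaration would surface as a TypeError at runtime, so that is worth confirming against ModelAdmin.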