diff --git a/src/Form/UwContentModerationForm.php b/src/Form/UwContentModerationForm.php
index d8422359162e59bd3959fe1aef027bc224d046b5..5615ea8e9dcf806fac03247f6251274b236ef9b4 100644
--- a/src/Form/UwContentModerationForm.php
+++ b/src/Form/UwContentModerationForm.php
@@ -76,9 +76,27 @@ class UwContentModerationForm extends ConfirmFormBase {
 * A AccessResult object.
 */
 public function access(int $nid, AccountInterface $account): AccessResult {
+
+ // Ensure that anonymous users can not
+ // access this form.
+ if ($account->isAnonymous()) {
+ return AccessResult::forbidden();
+ }
+
+ // Ensure that home page access is respected.
 if (UWService::nodeIsHomePage($nid) && !$account->hasPermission('bypass home page protection')) {
 return AccessResult::forbidden();
 }
+
+ // Get the node.
+ $node = $this->entityTypeManager->getStorage('node')->load($nid);
+
+ // If the user does not have permission to edit the node
+ // forbid them from the link.
+ if (!$account->hasPermission('edit any ' . $node->bundle() . ' content')) {
+ return AccessResult::forbidden();
+ }
+
 return AccessResult::allowed();
 }
diff --git a/uw_cfg_common.routing.yml b/uw_cfg_common.routing.yml
index 1ed8d31e50363693d4d28066f3a63ca69a739bfc..ed1706a8fc6be4077ddab0c165ff4debc6b31f54 100644
--- a/uw_cfg_common.routing.yml
+++ b/uw_cfg_common.routing.yml
@@ -12,7 +12,6 @@ uw_content_moderation.form:
 _form: '\Drupal\uw_cfg_common\Form\UwContentModerationForm'
 requirements:
 _custom_access: '\Drupal\uw_cfg_common\Form\UwContentModerationForm::access'
- _permission: 'access content'
 uw_cfg_common.analytics_ownership.form:
 path: '/admin/config/google_analytics_settings'
 defaults:
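Review bot: `load($nid)` returns NULL when no node has that id, so the added `$node->bundle()` call raises an Error (a 500 rather than a denial) for any authenticated user who requests a nonexistent nid; add `if ($node === NULL) { return AccessResult::forbidden(); }` before the permission check. The test on `'edit any ' . $node->bundle() . ' content'` looks only at the role permission and so ignores "edit own" grants and per-node access decisions; `$node->access('update', $account, TRUE)` returns an access result that honours those. Because the routing hunk drops `_permission: 'access content'`, this callback is now the only gate on the route, yet the results it returns carry no cacheability metadata; consider `->cachePerPermissions()` and `->addCacheableDependency($node)` on them. `$this->entityTypeManager` is assigned outside the hunk, so I cannot confirm it is populated when the access callback runs.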