diff --git a/modules/meeting/lib/api/v3/recurring_meetings/occurrences_by_recurring_meeting_api.rb b/modules/meeting/lib/api/v3/recurring_meetings/occurrences_by_recurring_meeting_api.rb
index de6b5b626a6..b440e5ecb29 100644
--- a/modules/meeting/lib/api/v3/recurring_meetings/occurrences_by_recurring_meeting_api.rb
+++ b/modules/meeting/lib/api/v3/recurring_meetings/occurrences_by_recurring_meeting_api.rb
@@ -124,6 +124,7 @@ module API
 route_param :start_time, type: DateTime, desc: "Occurrence start time (ISO 8601)" do
 namespace :init do
 post do
+ authorize_in_project(:create_meetings, project: @recurring_meeting.project)
 start_time = declared_params[:start_time]
 call = ::RecurringMeetings::InitOccurrenceService
 .new(user: current_user, recurring_meeting: @recurring_meeting)
diff --git a/modules/meeting/spec/requests/api/v3/recurring_meetings/occurrences_resource_spec.rb b/modules/meeting/spec/requests/api/v3/recurring_meetings/occurrences_resource_spec.rb
index 8f9b1a26dcd..d6ee4b72e0f 100644
--- a/modules/meeting/spec/requests/api/v3/recurring_meetings/occurrences_resource_spec.rb
+++ b/modules/meeting/spec/requests/api/v3/recurring_meetings/occurrences_resource_spec.rb
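Review bot: The added `authorize_in_project` call protects only this API entry point; if `::RecurringMeetings::InitOccurrenceService` is also invoked from a non-API controller, that path needs the same `create_meetings` check, or the check belongs in the service contract so every caller inherits it — the remainder of the `post do` body and the code that assigns `@recurring_meeting` are outside the hunk, so this is inferred rather than observed. Since the spec in this commit shows the same endpoint also restores cancelled occurrences, a short comment would keep the intent from being weakened later: `# Initialising (or restoring) an occurrence creates a meeting in the parent project, so require create_meetings here rather than relying on view access.` The enclosing `post do` block ends outside the hunk.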
@@ -139,6 +139,35 @@ RSpec.describe "API v3 Recurring Meeting Occurrences", content_type: :json do
 response
 expect(recurring_meeting.meetings.not_templated.where(recurrence_start_time: start_time)).to exist
 end
+
+ context "without create_meetings permission" do
+ let(:permissions) { %i[view_meetings] }
+
+ before { response }
+
+ it_behaves_like "unauthorized access"
+ end
+
+ context "when restoring a cancelled occurrence with only view_meetings permission" do
+ let(:permissions) { %i[view_meetings] }
+ let!(:cancelled_occurrence) do
+ create(:meeting,
+ project:,
+ author: current_user,
+ recurring_meeting:,
+ start_time:,
+ recurrence_start_time: start_time,
+ state: :cancelled)
+ end
+
+ before { response }
+
+ it_behaves_like "unauthorized access"
+
+ it "does not restore the cancelled occurrence" do
+ expect(cancelled_occurrence.reload).to be_cancelled
+ end
+ end
 end
 
 describe "DELETE .../occurrences/:start_time" do
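Review bot: The `without create_meetings permission` context asserts only the unauthorized response; unlike the cancelled-occurrence context it never checks that nothing was persisted, so a regression that created the meeting and then returned 403 would still pass. Mirror the positive expectation above with `it "does not create an occurrence" do` / `expect(recurring_meeting.meetings.not_templated.where(recurrence_start_time: start_time)).not_to exist` / `end`. Both new contexts rely on `response`, `permissions`, `project` and `start_time` being defined earlier in the file, outside the hunk, so the shared-example wiring cannot be confirmed from here.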