diff --git a/src/Controller/ProjectController.php b/src/Controller/ProjectController.php
index 24c61508..2d567c70 100644
--- a/src/Controller/ProjectController.php
+++ b/src/Controller/ProjectController.php
@@ -92,6 +92,9 @@ class ProjectController extends AbstractController
         $form->handleRequest($request);
         if ($form->isSubmitted()) {
             if ($form->isValid()) {
+                //Ensure that the user can withdraw stock from all parts
+                $this->denyAccessUnlessGranted('@parts_stock.withdraw');
+
                 //We have to do a flush already here, so that the newly created partLot gets an ID and can be logged to DB later.
                 $entityManager->flush();
                 $buildHelper->doBuild($projectBuildRequest);
diff --git a/src/Form/ProjectSystem/ProjectBuildType.php b/src/Form/ProjectSystem/ProjectBuildType.php
index f092ad82..3758bb21 100644
--- a/src/Form/ProjectSystem/ProjectBuildType.php
+++ b/src/Form/ProjectSystem/ProjectBuildType.php
@@ -34,9 +34,17 @@ use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\Form\FormEvents;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Security;
 
 class ProjectBuildType extends AbstractType implements DataMapperInterface
 {
+    private Security $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
     public function configureOptions(OptionsResolver $resolver)
     {
         $resolver->setDefaults([
@@ -50,7 +58,8 @@ class ProjectBuildType extends AbstractType implements DataMapperInterface
         $builder->setDataMapper($this);
 
         $builder->add('submit', SubmitType::class, [
-            'label' => 'project.build.btn_build'
+            'label' => 'project.build.btn_build',
+            'disabled' => !$this->security->isGranted('@parts_stock.withdraw'),
         ]);
 
         $builder->add('comment', TextType::class, [
@@ -89,6 +98,7 @@ class ProjectBuildType extends AbstractType implements DataMapperInterface
                         'label' => false,
                         'measurement_unit' => $bomEntry->getPart()->getPartUnit(),
                         'max' => min($build_request->getNeededAmountForBOMEntry($bomEntry), $lot->getAmount()),
+                        'disabled' => !$this->security->isGranted('withdraw', $lot),
                     ]);
                 }
             }