diff --git a/src/backend/core/models.py b/src/backend/core/models.py
index fb3443ce..9d8d2db5 100644
--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@@ -842,7 +842,7 @@ class Document(MP_Node, BaseModel):
             "cors_proxy": can_get,
             "descendants": can_get,
             "destroy": is_owner,
-            "duplicate": can_get,
+            "duplicate": can_get and user.is_authenticated,
             "favorite": can_get and user.is_authenticated,
             "link_configuration": is_owner_or_admin,
             "invite_owner": is_owner,
diff --git a/src/backend/core/tests/documents/test_api_documents_duplicate.py b/src/backend/core/tests/documents/test_api_documents_duplicate.py
index 82acfa98..734c9a25 100644
--- a/src/backend/core/tests/documents/test_api_documents_duplicate.py
+++ b/src/backend/core/tests/documents/test_api_documents_duplicate.py
@@ -60,7 +60,7 @@ def test_api_documents_duplicate_forbidden():
 def test_api_documents_duplicate_anonymous():
     """Anonymous users should not be able to duplicate documents even with read access."""
 
-    document = factories.DocumentFactory(link_reach="public")
+    document = factories.DocumentFactory(link_reach="public", link_role="reader")
 
     response = APIClient().post(f"/api/v1.0/documents/{document.id!s}/duplicate/")
 
diff --git a/src/backend/core/tests/documents/test_api_documents_retrieve.py b/src/backend/core/tests/documents/test_api_documents_retrieve.py
index 91e6ca0e..80b135d3 100644
--- a/src/backend/core/tests/documents/test_api_documents_retrieve.py
+++ b/src/backend/core/tests/documents/test_api_documents_retrieve.py
@@ -37,7 +37,7 @@ def test_api_documents_retrieve_anonymous_public_standalone():
             "cors_proxy": True,
             "descendants": True,
             "destroy": False,
-            "duplicate": True,
+            "duplicate": False,
             # Anonymous user can't favorite a document even with read access
             "favorite": False,
             "invite_owner": False,
@@ -105,7 +105,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
             "descendants": True,
             "cors_proxy": True,
             "destroy": False,
-            "duplicate": True,
+            "duplicate": False,
             # Anonymous user can't favorite a document even with read access
             "favorite": False,
             "invite_owner": False,
diff --git a/src/backend/core/tests/test_models_documents.py b/src/backend/core/tests/test_models_documents.py
index ae10fb55..1e81e83c 100644
--- a/src/backend/core/tests/test_models_documents.py
+++ b/src/backend/core/tests/test_models_documents.py
@@ -222,7 +222,7 @@ def test_models_documents_get_abilities_reader(
         "descendants": True,
         "cors_proxy": True,
         "destroy": False,
-        "duplicate": True,
+        "duplicate": is_authenticated,
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,
@@ -285,7 +285,7 @@ def test_models_documents_get_abilities_editor(
         "descendants": True,
         "cors_proxy": True,
         "destroy": False,
-        "duplicate": True,
+        "duplicate": is_authenticated,
         "favorite": is_authenticated,
         "invite_owner": False,
         "link_configuration": False,