diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0aa3cee5..958b44ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,19 @@ This document outlines major changes between releases.
## [Unreleased]
+### Fixed
+- Unrestricted access to not owned objects via cache (#713)
+
+### Updating from v0.24.0
+New config parameters were added. Make sure the default parameters are appropriate for you.
+
+```yaml
+cache:
+ accesscontrol:
+ lifetime: 1m
+ size: 100000
+```
+
## [0.24.0] - 2022-09-14
### Added
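Review bot: The "Updating from v0.24.0" note shows only the YAML form of the new parameters, but the same change also adds `S3_GW_CACHE_ACCESSCONTROL_LIFETIME` and `S3_GW_CACHE_ACCESSCONTROL_SIZE` to config/config.env, so operators who configure the gateway through environment variables will not find their names here. Suggest listing both forms. The note should also say in one sentence what the `accesscontrol` cache does in relation to #713, because "Make sure the default parameters are appropriate for you" gives a reader nothing to judge appropriateness by.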
diff --git a/config/config.env b/config/config.env
index b4ee0eb0..0730c556 100644
--- a/config/config.env
+++ b/config/config.env
@@ -84,6 +84,9 @@ S3_GW_CACHE_SYSTEM_SIZE=100000
# Cache which stores access box with tokens by its address
S3_GW_CACHE_ACCESSBOX_LIFETIME=10m
S3_GW_CACHE_ACCESSBOX_SIZE=100
+# Cache which stores owner to cache operation mapping
+S3_GW_CACHE_ACCESSCONTROL_LIFETIME=1m
+S3_GW_CACHE_ACCESSCONTROL_SIZE=100000
# NATS
S3_GW_NATS_ENABLED=true
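Review bot: The comment on the two new variables, "Cache which stores owner to cache operation mapping", does not say what a "cache operation" is or what a stored entry means for a request, which matters here because the changelog ties this cache to an access-control fix (#713). Suggest rewording it to name the key and the value of an entry and to state that the cache is consulted before cached data is returned, if that is what it does, so that nobody treats `S3_GW_CACHE_ACCESSCONTROL_LIFETIME` as a pure performance knob.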
diff --git a/config/config.yaml b/config/config.yaml
index 70f8a10c..09d07a83 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -89,14 +89,18 @@ cache:
buckets:
lifetime: 1m
size: 500
- # Cache for system objects in a bucket: bucket settings, notification configuration etc
+ # Cache for system objects in a bucket: bucket settings, notification configuration etc
system:
lifetime: 2m
size: 1000
- # Cache which stores access box with tokens by its address
+ # Cache which stores access box with tokens by its address
accessbox:
lifetime: 5m
size: 10
+ # Cache which stores owner to cache operation mapping
+ accesscontrol:
+ lifetime: 1m
+ size: 100000
nats:
enabled: true
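Review bot: The added `accesscontrol` block uses `size: 100000`, while the neighbouring caches in this sample file are set to `size: 500`, `size: 1000` and `size: 10`. If the access-control cache needs far more entries than the caches it guards, the comment above it should say why. If the value was simply copied from the default, please confirm it is intended for this sample config and not just for the documented default.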
@@ -118,8 +122,8 @@ cors:
# Parameters of requests to NeoFS
neofs:
-# Number of the object copies to consider PUT to NeoFS successful.
-# `0` means that object will be processed according to the container's placement policy
+ # Number of the object copies to consider PUT to NeoFS successful.
+ # `0` means that object will be processed according to the container's placement policy
set_copies_number: 0
# List of allowed AccessKeyID prefixes
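Review bot: This hunk only changes the indentation of the two comment lines above `set_copies_number` and has nothing to do with the access-control cache fix. The same applies to the two re-indented comment lines in the previous hunk. Suggest moving these whitespace changes to a separate commit so that the security fix stays minimal, which makes it easier to review and to backport.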
diff --git a/docs/configuration.md b/docs/configuration.md
index 7b3eb886..c8901f6d 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -311,16 +311,20 @@ cache:
accessbox:
lifetime: 5m
size: 10
+ accesscontrol:
+ lifetime: 1m
+ size: 100000
```
-| Parameter | Type | Default value | Description |
-|-------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
-| `objects` | [Cache config](#cache-subsection) | `lifetime: 5m`
`size: 1000000` | Cache for objects (NeoFS headers). |
-| `list` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 100000` | Cache which keeps lists of objects in buckets. |
-| `names` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 10000` | Cache which contains mapping of nice name to object addresses. |
-| `buckets` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 1000` | Cache which contains mapping of bucket name to bucket info. |
-| `system` | [Cache config](#cache-subsection) | `lifetime: 5m`
`size: 10000` | Cache for system objects in a bucket: bucket settings, notification configuration etc. |
-| `accessbox` | [Cache config](#cache-subsection) | `lifetime: 10m`
`size: 100` | Cache which stores access box with tokens by its address. |
+| Parameter | Type | Default value | Description |
+|-----------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
+| `objects` | [Cache config](#cache-subsection) | `lifetime: 5m`
`size: 1000000` | Cache for objects (NeoFS headers). |
+| `list` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 100000` | Cache which keeps lists of objects in buckets. |
+| `names` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 10000` | Cache which contains mapping of nice name to object addresses. |
+| `buckets` | [Cache config](#cache-subsection) | `lifetime: 60s`
`size: 1000` | Cache which contains mapping of bucket name to bucket info. |
+| `system` | [Cache config](#cache-subsection) | `lifetime: 5m`
`size: 10000` | Cache for system objects in a bucket: bucket settings, notification configuration etc. |
+| `accessbox` | [Cache config](#cache-subsection) | `lifetime: 10m`
`size: 100` | Cache which stores access box with tokens by its address. |
+| `accesscontrol` | [Cache config](#cache-subsection) | `lifetime: 1m`
`size: 100000` | Cache which stores owner to cache operation mapping. |
#### `cache` subsection
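Review bot: The new `accesscontrol` row describes the cache only as "Cache which stores owner to cache operation mapping", which does not tell an operator what happens when an entry expires or is evicted, nor how its `lifetime: 1m` default relates to caches with longer lifetimes such as `objects` (`lifetime: 5m`). Please document whether a missing or expired entry causes the permission to be re-checked before cached data is served, and whether the lifetime bounds how long a previously granted access stays usable. Also, re-aligning the whole table to add one row makes the change hard to spot in the diff; consider keeping the existing column widths.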