diff --git a/Code-Security-Guidelines.md b/Code-Security-Guidelines.md
index c6ab176..a409e8b 100644
--- a/Code-Security-Guidelines.md
+++ b/Code-Security-Guidelines.md
@@ -53,6 +53,7 @@ This looks like a simple helper at first, but it allows a user to create **any**
 You can use a combination of `frappe.only_for` method to restrict the method to System Managers and some manual checks. For e.g.,
 
 ```
+@frappe.whitelist()
 def create_document(values):
   frappe.only_for('System User')