diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 087b9fbc1b4..c8b6556a374 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -41,6 +41,8 @@ class User extends CommonObject
 	protected $ismultientitymanaged = 1;	// 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
 
 	var $id=0;
+	var $ref;
+	var $ref_ext;
 	var $ldap_sid;
 	var $search_sid;
 	var $nom;		// TODO deprecated
diff --git a/htdocs/webservices/server_user.php b/htdocs/webservices/server_user.php
index d9a853f4d8a..462929a06c7 100644
--- a/htdocs/webservices/server_user.php
+++ b/htdocs/webservices/server_user.php
@@ -180,7 +180,10 @@ function getUser($authentication,$id,$ref='',$ref_ext='')
     {
         $fuser->getrights();
 
-        if ($fuser->rights->user->user->lire || ($fuser->rights->user->self->creer && $fuser->id = $id))
+        if ($fuser->rights->user->user->lire
+        	|| ($fuser->rights->user->self->creer && $id && $id=$fuser->id)
+        	|| ($fuser->rights->user->self->creer && $ref && $ref=$fuser->login)
+        	|| ($fuser->rights->user->self->creer && $ref_ext && $ref_ext=$fuser->ref_ext))
         {
             $user=new User($db);
             $result=$user->fetch($id,$ref,$ref_ext);