diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index 079c45ad5ec..04db4f91010 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -48,7 +48,7 @@ $status=isset($_GET["status"])?$_GET["status"]:$_POST["status"];
 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe', $socid,'');
+$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
 $canedit=1;
 if (! $user->rights->agenda->myactions->read) accessforbidden();
diff --git a/htdocs/comm/action/listactions.php b/htdocs/comm/action/listactions.php
index 03852e277ea..e51b4cf7d77 100644
--- a/htdocs/comm/action/listactions.php
+++ b/htdocs/comm/action/listactions.php
@@ -47,7 +47,7 @@ $status=isset($_GET["status"])?$_GET["status"]:$_POST["status"];
 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe', $socid,'');
+$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
 $canedit=1;
 if (! $user->rights->agenda->myactions->read) accessforbidden();
diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php
index 66834fe1fdd..f05729390ba 100644
--- a/htdocs/comm/action/rapport/index.php
+++ b/htdocs/comm/action/rapport/index.php
@@ -38,12 +38,10 @@ $offset = $limit * $page ;
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="a.datep";
-// Sécurité accés client
-if ($user->societe_id > 0)
-{
- $action = '';
- $socid = $user->societe_id;
-}
+// Security check
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
+$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 81a2847894e..cfd4ce7137e 100644
--- a/htdocs/lib/functions.lib.php
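Review bot: The object id handed to restrictedArea on the `+$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');` line is still a company id, while the feature it is checked against changes from 'societe' to 'agenda'; whether restrictedArea still ties an external user to their own company under the 'agenda' feature is not visible here, so confirm that the company-level restriction the old call enforced is not silently dropped in favour of a pure module-permission check. The identical change appears in the listactions.php hunk and the same question applies there. With the second-level permission now checked inside restrictedArea, the context line `if (! $user->rights->agenda->myactions->read) accessforbidden();` duplicates that check and could go, though it is harmless. `$result` is assigned but never read within the hunk; if the call already fails closed on its own, the assignment is just noise.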
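Review bot: The new `+$socid = isset($_GET["socid"])?$_GET["socid"]:'';` line passes the request value on as a raw string; since it feeds restrictedArea and presumably the report's queries further down the file, cast it, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : '';`, as this page previously never read socid from the request at all. The replaced block also reset `$action = '';` for external users and the new block does not; if code later in this file still dispatches on `$action`, external users can now reach those branches, which should be a deliberate decision rather than a side effect. The hunk's trailing context lines appear to have been lost in the paste, so where the block ends is inferred.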
+++ b/htdocs/lib/functions.lib.php
@@ -1273,8 +1273,9 @@ function info_admin($texte,$infoonimgalt=0)
 \param feature Feature to check (in most cases, it's module name)
 \param objectid Object ID if we want to check permission on on object (optionnal)
 \param dbtable Table name where object is stored. Not used if objectid is null (optionnel)
+ \param feature Feature to check (second level of permission)
 */
-function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='')
+function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',$feature2='')
 {
 global $db;
@@ -1303,7 +1304,11 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='')
 {
 if (! $user->rights->banque->cheque) $readok=0;
 }
- else if (! empty($feature))
+ else if (! empty($feature2)) // This should be used for future changes
+ {
+ if (! $user->rights->$feature->$feature2->read) $readok=0;
+ }
+ else if (! empty($feature)) // This is for old permissions
 {
 if (! $user->rights->$feature->lire) $readok=0;
 }
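Review bot: The added doc line `+ \param feature Feature to check (second level of permission)` documents the new parameter under the wrong name, duplicating the `\param feature` entry above it; it should read `\param feature2 Feature to check (second level of permission)` to match `$feature2` in the new signature. The parameter is appended after the defaulted ones, so existing callers keep working. The body of restrictedArea continues outside this hunk.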
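Review bot: The new `$feature2` branch sits after the hard-coded feature cases, so a caller passing a second-level permission together with a feature that has its own case (the `banque`/`cheque` branch visible in the context, and whatever else precedes it above the hunk) gets `$feature2` silently ignored; either test `! empty($feature2)` before those cases or document that it only applies to features without a dedicated branch. Only `$readok` is touched here; if the function also derives write/delete permission further down (outside the hunk) from `$user->rights->$feature->creer` and similar, those paths do not yet honour `$feature2`, which is fine for the read-only callers in this commit but worth stating. The comment `// This should be used for future changes` explains little; `// Two-level permission: $user->rights->{$feature}->{$feature2}->read` would say what the branch does. When `$feature2` names a branch that does not exist, the property read on a non-object yields a notice and null, so `$readok` is cleared and the check appears to fail closed.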