diff --git a/htdocs/societe/commerciaux.php b/htdocs/societe/commerciaux.php
index 6da75f28811..4f7cd4a07b2 100644
--- a/htdocs/societe/commerciaux.php
+++ b/htdocs/societe/commerciaux.php
@@ -37,16 +37,33 @@
 $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
-/*
- * Sécurité accés client
- */
-
+if ( !$user->rights->societe->creer)
+ accessforbidden();
+
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
+
+// Sécurité accés client
 if ($user->societe_id > 0)
 {
 $action = '';
 $socid = $user->societe_id;
 }
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+ $sql = "SELECT sc.rowid";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 if($_GET["socid"] && $_GET["commid"])
 {
 if ($user->rights->societe->creer)
diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php
index 188ecca766f..aa42425d6b1 100644
--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
@@ -36,6 +36,15 @@
 $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
+$user->getrights('societe');
+$user->getrights('commercial');
+
+if ( !$user->rights->societe->creer)
+ accessforbidden();
+
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
 // Sécurité accés client
 if ($user->societe_id > 0)
 {
@@ -43,6 +52,19 @@ if ($user->societe_id > 0)
 $socid = $user->societe_id;
 }
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+ $sql = "SELECT sc.rowid";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 /*
 * Actions
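Review bot: `$socid` is copied straight from `$_GET["socid"]` and then concatenated into the `" WHERE sc.fk_soc = ".$socid` clause of the new restriction query, so a non-numeric value reaches the database unescaped; casting at the assignment, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`, keeps the later concatenation safe while `if (!$socid) accessforbidden();` still rejects a missing or zero id. The same assignment and query are added in the lien.php hunks and the rib.php hunk, so the cast belongs in all of them. The check also fails open: when `$db->query($sql)` returns false the block is skipped and the page is served, whereas `$resql = $db->query($sql);` followed by `if (!$resql || $db->num_rows($resql) == 0) accessforbidden();` denies on a query error too — assuming the wrapper's num_rows() takes the result set, which the bare `$db->num_rows()` call in the hunk makes worth confirming. This hunk reads `$user->rights->commercial->client->voir` without the `$user->getrights('commercial')` call that the lien.php and rib.php hunks add; if those rights are not already loaded for this page the property is unset and every user is pushed through the restriction query, which should be verified.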
diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php
index 45412cdd1ba..46ada883a1d 100644
--- a/htdocs/societe/rib.php
+++ b/htdocs/societe/rib.php
@@ -35,10 +35,35 @@
 $langs->load("companies");
 $langs->load("banks");
 $user->getrights('societe');
+$user->getrights('commercial');
 if ( !$user->rights->societe->creer)
 accessforbidden();
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
+
+// Sécurité accés client
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socid = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+ $sql = "SELECT sc.rowid";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 llxHeader();