diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php
index 94ecdc8e13a..646f3d322d7 100644
--- a/htdocs/product/stock/productlot_card.php
+++ b/htdocs/product/stock/productlot_card.php
@@ -92,14 +92,6 @@ if ($id || $ref) {
 $object->ref = $object->batch; // For document management ( it use $object->ref)
 }
-// Protection if external user
-if ($user->socid > 0) {
- //accessforbidden();
-}
-//$result = restrictedArea($user, 'mymodule', $id);
-
-
-
 // Initialize technical object to manage hooks of modules. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('productlotcard', 'globalcard'));
@@ -114,7 +106,21 @@ $usercandelete = $user->rights->produit->supprimer;
 $upload_dir = $conf->productbatch->multidir_output[$conf->entity];
+$permissiontoread = $usercanread;
 $permissiontoadd = $usercancreate;
+//$permissiontodelete = $usercandelete;
+
+// Security check
+if (empty($conf->productbatch->enabled)) {
+ accessforbidden('Module not enabled');
+}
+$socid = 0;
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'productbatch');
+if (!$permissiontoread) accessforbidden();
 /*
diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php
index 81f68487cf6..97eaace9ee4 100644
--- a/htdocs/product/stock/productlot_document.php
+++ b/htdocs/product/stock/productlot_document.php
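Review bot: The guard added in the second productlot_card.php hunk authorises on the module flag, the external-user case and `$user->rights->produit->lire` only; nothing visible ties the lot already loaded from `$id`/`$ref` to the current entity, and the one helper call that hints at an object-level check stays commented out (`//$result = restrictedArea($user, 'productbatch');`). Whether `fetch()` already filters by entity cannot be seen from here, because the fetch block lies outside the hunk; if it does not, a user with product read rights could open a lot of another entity by id. Either add an object-level check after the fetch or replace the dead line with a comment that records the decision, for example `// No object-level check needed: fetch() restricts lots to the current entity`. The final test would also read more safely with braces, `if (!$permissiontoread) { accessforbidden(); }`. The same block is pasted into productlot_document.php and productlot_list.php, so this applies there as well.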
@@ -90,6 +90,28 @@ if ($id || $ref) {
 }
 }
+$usercanread = $user->rights->produit->lire;
+$usercancreate = $user->rights->produit->creer;
+$usercandelete = $user->rights->produit->supprimer;
+
+$upload_dir = $conf->productbatch->multidir_output[$conf->entity];
+
+$permissiontoread = $usercanread;
+$permissiontoadd = $usercancreate;
+//$permissiontodelete = $usercandelete;
+
+// Security check
+if (empty($conf->productbatch->enabled)) {
+ accessforbidden('Module not enabled');
+}
+$socid = 0;
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'productbatch');
+if (!$permissiontoread) accessforbidden();
+
 /*
 * Actions
diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php
index e04b3f2e59b..e467aa80d95 100644
--- a/htdocs/product/stock/productlot_list.php
+++ b/htdocs/product/stock/productlot_list.php
@@ -129,10 +129,27 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
-$permissiontoread = $user->rights->stock->lire;
-$permissiontoadd = $user->rights->stock->mouvement->creer;
-//$permissiontodelete = $user->rights->stock->supprimer;
+$usercanread = $user->rights->produit->lire;
+$usercancreate = $user->rights->produit->creer;
+$usercandelete = $user->rights->produit->supprimer;
+$upload_dir = $conf->productbatch->multidir_output[$conf->entity];
+
+$permissiontoread = $usercanread;
+$permissiontoadd = $usercancreate;
+//$permissiontodelete = $usercandelete;
+
+// Security check
+if (empty($conf->productbatch->enabled)) {
+ accessforbidden('Module not enabled');
+}
+$socid = 0;
+if ($user->socid > 0) { // Protection if external user
+ //$socid = $user->socid;
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'productbatch');
+if (!$permissiontoread) accessforbidden();
 /*
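Review bot: In productlot_document.php, `$upload_dir = $conf->productbatch->multidir_output[$conf->entity];` is assigned after the `if ($id || $ref)` block has closed, and it points at the module's root output directory rather than at a per-lot folder. That block starts outside the hunk, so it is not visible whether it already builds a per-lot `$upload_dir`; if it does, this line overwrites it and the document actions below would list, upload and delete files at the module root, across every lot. Please confirm which value reaches the Actions section, and drop the assignment from this file if the per-lot path is set above. If it has to stay, a comment such as `// Base directory only; the per-lot path is derived from the lot reference below` would make the intent clear.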
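Review bot: The productlot_list.php hunk swaps the rights behind `$permissiontoread` and `$permissiontoadd` from `$user->rights->stock->lire` / `$user->rights->stock->mouvement->creer` to the `produit` rights, which changes who is authorised rather than only adding a guard. Users holding stock rights but not product rights lose the lot list, and users holding only product rights gain it along with whatever `$permissiontoadd` gates further down the file. If this is intended, record it next to the assignment, e.g. `// Lots follow product permissions, not stock permissions`, and mention it in the commit message so administrators can review role assignments. `$usercandelete`, `$upload_dir` and `$socid` are assigned but not used in the visible lines and look like leftovers from the card page.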