diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index c204809e9a1..9162676795c 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -382,7 +382,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 		$checkother = array('contact','agenda');	 // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
 		$checkproject = array('projet','project'); // Test for project object
 		$checktask = array('projet_task');
-		$nocheck = array('barcode','stock');	// No test
+		$nocheck = array('barcode','stock','expensereport');	// No test
 		$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
 
 		// If dbtablename not defined, we use same name for table than module name