diff --git a/htdocs/core/lib/stock.lib.php b/htdocs/core/lib/stock.lib.php
index 4d1bc5b3593..988c7a2d78c 100644
--- a/htdocs/core/lib/stock.lib.php
+++ b/htdocs/core/lib/stock.lib.php
@@ -29,7 +29,7 @@
 */
 function stock_prepare_head($object)
 {
- global $langs, $conf;
+ global $langs, $conf, $user;
 $h = 0;
 $head = array();
@@ -39,10 +39,13 @@ function stock_prepare_head($object)
 $head[$h][2] = 'card';
 $h++;
- $head[$h][0] = DOL_URL_ROOT.'/product/stock/movement_list.php?id='.$object->id;
- $head[$h][1] = $langs->trans("StockMovements");
- $head[$h][2] = 'movements';
- $h++;
+ if (!empty($user->rights->stock->mouvement->lire))
+ {
+ $head[$h][0] = DOL_URL_ROOT.'/product/stock/movement_list.php?id='.$object->id;
+ $head[$h][1] = $langs->trans("StockMovements");
+ $head[$h][2] = 'movements';
+ $h++;
+ }
 /*
 $head[$h][0] = DOL_URL_ROOT.'/product/stock/fiche-valo.php?id='.$object->id;
diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php
index 9337d03bc11..94a379c4e90 100644
--- a/htdocs/product/stock/card.php
+++ b/htdocs/product/stock/card.php
@@ -428,30 +428,26 @@ else
 print "";
 // Last movement
- $sql = "SELECT max(m.datem) as datem";
- $sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m";
- $sql .= " WHERE m.fk_entrepot = '".$object->id."'";
- $resqlbis = $db->query($sql);
- if ($resqlbis)
- {
- $obj = $db->fetch_object($resqlbis);
- $lastmovementdate=$db->jdate($obj->datem);
+ if (!empty($user->rights->stock->mouvement->lire)) {
+ $sql = "SELECT max(m.datem) as datem";
+ $sql .= " FROM " . MAIN_DB_PREFIX . "stock_mouvement as m";
+ $sql .= " WHERE m.fk_entrepot = '" . $object->id . "'";
+ $resqlbis = $db->query($sql);
+ if ($resqlbis) {
+ $obj = $db->fetch_object($resqlbis);
+ $lastmovementdate = $db->jdate($obj->datem);
+ } else {
+ dol_print_error($db);
+ }
+ print '' . $langs->trans("LastMovement") . '';
+ if ($lastmovementdate) {
+ print dol_print_date($lastmovementdate, 'dayhour') . ' ';
+ print '(' . $langs->trans("FullList") . ')';
+ } else {
+ print $langs->trans("None");
+ }
+ print "";
 }
- else
- {
- dol_print_error($db);
- }
- print ''.$langs->trans("LastMovement").'';
- if ($lastmovementdate)
- {
- print dol_print_date($lastmovementdate, 'dayhour').' ';
- print '('.$langs->trans("FullList").')';
- }
- else
- {
- print $langs->trans("None");
- }
- print "";
 // Other attributes
 include DOL_DOCUMENT_ROOT . '/core/tpl/extrafields_view.tpl.php';
diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php
index a4831d46844..ac00062cc6e 100644
--- a/htdocs/product/stock/movement_list.php
+++ b/htdocs/product/stock/movement_list.php
@@ -118,6 +118,10 @@ $arrayfields=array(
 //'m.tms'=>array('label'=>$langs->trans("DateModificationShort"), 'checked'=>0, 'position'=>500)
 );
+// Security check
+if (!$user->rights->stock->mouvement->lire) {
+ accessforbidden();
+}
 /*
diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php
index d2bc7fe68cb..dbcd0a2cf61 100644
--- a/htdocs/product/stock/product.php
+++ b/htdocs/product/stock/product.php
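Review bot: The `Last movement` query in card.php still builds its WHERE clause by concatenating `$object->id` inside quotes; since the block is being rewritten anyway, cast the value instead: `$sql .= " WHERE m.fk_entrepot = " . ((int) $object->id);`. `$object->id` is presumably the integer id loaded by a fetch above the hunk, so this is hardening rather than a demonstrated injection, but the explicit cast keeps the statement safe regardless of how the object was populated. The product.php hunk has the same pattern in `m.fk_product = '" . $object->id . "'`. The enclosing `else` branch starts outside the hunk.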
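Review bot: The new guard in movement_list.php reads `$user->rights->stock->mouvement->lire` directly, whereas the other hunks in this commit test the same right with `!empty(...)`; for a user whose rights object has no `mouvement` entry the bare access would raise a PHP notice or warning before denying. `if (empty($user->rights->stock->mouvement->lire)) { accessforbidden(); }` fails closed in the same way without the warning and matches the other three checks. The `// Security check` comment could also say what is being enforced, e.g. `// Security check: listing stock movements requires the stock->mouvement->lire right`, since this is the server-side control behind the tab and links hidden elsewhere in the commit. Whether any action handling or output runs before this point is not visible from the hunk.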
@@ -694,24 +694,27 @@ if ($id > 0 || $ref)
 print '';
 // Last movement
- $sql = "SELECT max(m.datem) as datem";
- $sql .= " FROM " . MAIN_DB_PREFIX . "stock_mouvement as m";
- $sql .= " WHERE m.fk_product = '" . $object->id . "'";
- $resqlbis = $db->query($sql);
- if ($resqlbis) {
- $obj = $db->fetch_object($resqlbis);
- $lastmovementdate = $db->jdate($obj->datem);
- } else {
- dol_print_error($db);
+ if (!empty($user->rights->stock->mouvement->lire))
+ {
+ $sql = "SELECT max(m.datem) as datem";
+ $sql .= " FROM " . MAIN_DB_PREFIX . "stock_mouvement as m";
+ $sql .= " WHERE m.fk_product = '" . $object->id . "'";
+ $resqlbis = $db->query($sql);
+ if ($resqlbis) {
+ $obj = $db->fetch_object($resqlbis);
+ $lastmovementdate = $db->jdate($obj->datem);
+ } else {
+ dol_print_error($db);
+ }
+ print '' . $langs->trans("LastMovement") . '';
+ if ($lastmovementdate) {
+ print dol_print_date($lastmovementdate, 'dayhour') . ' ';
+ print '(' . $langs->trans("FullList") . ')';
+ } else {
+ print '' . $langs->trans("None") . '';
+ }
+ print "";
 }
- print '' . $langs->trans("LastMovement") . '';
- if ($lastmovementdate) {
- print dol_print_date($lastmovementdate, 'dayhour') . ' ';
- print '(' . $langs->trans("FullList") . ')';
- } else {
- print '' . $langs->trans("None") . '';
- }
- print "";
 }
 print "";
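Review bot: `$lastmovementdate` is assigned only when `$db->query($sql)` succeeds, yet `if ($lastmovementdate)` also runs on the failure path, after `dol_print_error($db)`. Unless the variable is initialised above the hunk, that is an undefined-variable read whenever the query fails; adding `$lastmovementdate = null;` just before the query makes the `None` branch explicit. The card.php hunk has the same shape. The enclosing `if ($id > 0 || $ref)` block starts outside the hunk.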