diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index b5337425376..9dc387dc8b6 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -41,6 +41,8 @@ class User extends CommonObject
 	protected $ismultientitymanaged = 1;	// 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
 
 	var $id=0;
+	var $ref;
+	var $ref_ext;
 	var $ldap_sid;
 	var $search_sid;
 	var $nom;		// TODO deprecated
diff --git a/htdocs/webservices/server_user.php b/htdocs/webservices/server_user.php
index 08f720b7921..55b991fb93f 100644
--- a/htdocs/webservices/server_user.php
+++ b/htdocs/webservices/server_user.php
@@ -178,7 +178,10 @@ function getUser($authentication,$id,$ref='',$ref_ext='')
     {
         $fuser->getrights();
 
-        if ($fuser->rights->user->user->lire || ($fuser->rights->user->self->creer && $fuser->id = $id))
+        if ($fuser->rights->user->user->lire
+        	|| ($fuser->rights->user->self->creer && $id && $id=$fuser->id)
+        	|| ($fuser->rights->user->self->creer && $ref && $ref=$fuser->login)
+        	|| ($fuser->rights->user->self->creer && $ref_ext && $ref_ext=$fuser->ref_ext))
         {
             $user=new User($db);
             $result=$user->fetch($id,$ref,$ref_ext);