diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php
index 1f59054b8c5..9106b5c105b 100644
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -60,18 +60,20 @@ if (!$user->rights->commercial->client->voir && $contactid && !$user->societe_id
 }
 }
-
-if ($_GET["action"] == 'create_user' && $user->admin)
+if ($user->rights->societe->contact->creer)
 {
- // Recuperation contact actuel
- $contact = new Contact($db);
- $result = $contact->fetch($_GET["id"]);
+ if ($_GET["action"] == 'create_user' && $user->admin)
+ {
+ // Recuperation contact actuel
+ $contact = new Contact($db);
+ $result = $contact->fetch($_GET["id"]);
- // Creation user
- $nuser = new User($db);
- $nuser->nom = $contact->name;
- $nuser->prenom = $contact->firstname;
- $nuser->create_from_contact($contact);
+ // Creation user
+ $nuser = new User($db);
+ $nuser->nom = $contact->name;
+ $nuser->prenom = $contact->firstname;
+ $nuser->create_from_contact($contact);
+ }
 }
 if ($user->rights->societe->contact->creer)
@@ -118,10 +120,6 @@ if ($user->rights->societe->contact->creer)
 }
 }
 }
-else
-{
- accessforbidden();
-}
 if ($user->rights->societe->contact->supprimer)
 {
@@ -138,10 +136,6 @@ if ($user->rights->societe->contact->supprimer)
 exit;
 }
 }
-else
-{
- accessforbidden();
-}
 if ($user->rights->societe->contact->creer)
 {
@@ -180,10 +174,6 @@ if ($user->rights->societe->contact->creer)
 }
 }
 }
-else
-{
- accessforbidden();
-}
 /*
@@ -248,10 +238,6 @@ if ($user->rights->societe->contact->supprimer)
 print '
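Review bot: In the new `create_user` block, `$result` from `$contact->fetch($_GET["id"])` is never tested, so `create_from_contact($contact)` still runs when the fetch fails or the id is missing, and its own return value is discarded too. The `// Creation user` lines should sit behind a test of `$result` (fetch()'s success value is not visible in this hunk, so confirm it), with the id cast before use: `$result = $contact->fetch((int) $_GET["id"]);`. Account creation is also driven entirely by `$_GET`, so it would be safer behind a POST carrying whatever anti-forgery token the application provides. The outer `if ($user->rights->societe->contact->creer)` has no `else`, and the later hunks at -118, -138, -180 and -248 delete their `else { accessforbidden(); }` branches, so a request without the right is now dropped silently; if refused attempts should stay visible, log them where the check fails.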
';
 }
 }
-else
-{
- accessforbidden();
-}
 if ($_GET["action"] == 'create')
 {