diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php
index 977b792568b..5ebc1b2baba 100644
--- a/htdocs/core/class/html.formprojet.class.php
+++ b/htdocs/core/class/html.formprojet.class.php
@@ -483,7 +483,7 @@ class FormProjets
 		if ($linkedtothirdparty) $sql.=", ".MAIN_DB_PREFIX."societe as s";
 		$sql.= " WHERE ".$projectkey." is null";
 		if (! empty($socid) && $linkedtothirdparty) $sql.= " AND t.fk_soc=".$socid;
-		if (! in_array($table_element, array('expensereport_det'))) $sql.= ' AND t.entity='.getEntity('project');
+		if (! in_array($table_element, array('expensereport_det'))) $sql.= ' AND t.entity IN ('.getEntity('project',1).')';
 		if ($linkedtothirdparty) $sql.=" AND s.rowid = t.fk_soc";
 		if ($sqlfilter) $sql.= " AND ".$sqlfilter;
 		$sql.= " ORDER BY ref DESC";
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index af4a4c7299f..c1a8e762b1e 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -68,7 +68,7 @@ if ($id > 0 || ! empty($ref))
 // Security check
 $socid=GETPOST('socid');
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $object->id);
+$result = restrictedArea($user, 'projet', $object->id,'projet&project');
 
 // fetch optionals attributes and labels
 $extralabels=$extrafields->fetch_name_optionals_label($object->table_element);
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index 9ae3513fa8a..e1baa842fe9 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -228,7 +228,7 @@ if ($search_user > 0)
 	$sql.=", ".MAIN_DB_PREFIX."element_contact as ecp";
 }
 
-$sql.= " WHERE p.entity IN (".getEntity('project').')';
+$sql.= " WHERE p.entity IN (".getEntity('project',1).')';
 if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";     // public and assigned to, or restricted to company for external users
 // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
 if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php
index e140ee2f672..2be005e61e7 100644
--- a/htdocs/projet/tasks/list.php
+++ b/htdocs/projet/tasks/list.php
@@ -235,7 +235,7 @@ if ($search_task_user > 0)
     $sql.=", ".MAIN_DB_PREFIX."element_contact as ect";
 }
 $sql.= " WHERE t.fk_projet = p.rowid";
-$sql.= " AND p.entity IN (".getEntity('project').')';
+$sql.= " AND p.entity IN (".getEntity('project',1).')';
 if (! $user->rights->projet->all->lire) $sql.=" p.rowid IN (".join(',',$projectsListId).")";    // public and assigned to projects, or restricted to company for external users
 // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
 if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";