diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php
index 2cf66d9c3f5..6a86f1c2258 100644
--- a/htdocs/bom/bom_agenda.php
+++ b/htdocs/bom/bom_agenda.php
@@ -51,11 +51,6 @@ if (GETPOST('actioncode', 'array')) {
 }
 $search_agenda_label = GETPOST('search_agenda_label');
 
-// Security check - Protection if external user
-//if ($user->socid > 0) accessforbidden();
-//if ($user->socid > 0) $socid = $user->socid;
-//$result = restrictedArea($user, 'bom', $id);
-
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
@@ -87,6 +82,11 @@ if ($id > 0 || !empty($ref)) {
 	$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
 }
 
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
 
 
 /*
diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php
index 92babe87003..520dd8bb9d7 100644
--- a/htdocs/bom/bom_document.php
+++ b/htdocs/bom/bom_document.php
@@ -79,6 +79,12 @@ if ($id > 0 || !empty($ref)) {
 	$upload_dir = $conf->bom->multidir_output[$object->entity ? $object->entity : 1]."/bom/".get_exdir(0, 0, 0, 1, $object);
 }
 
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+
 
 /*
  * Actions
diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php
index cd288a3be3c..244bcfd7a49 100644
--- a/htdocs/bom/bom_note.php
+++ b/htdocs/bom/bom_note.php
@@ -57,9 +57,13 @@ if ($id > 0 || !empty($ref)) {
 	$upload_dir = $conf->bom->multidir_output[$object->entity]."/".$object->id;
 }
 
-$permissionnote = 1;
-//$permissionnote=$user->rights->bom->creer;	// Used by the include of actions_setnotes.inc.php
+$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
 
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
 
 
 /*
diff --git a/htdocs/mrp/mo_note.php b/htdocs/mrp/mo_note.php
index 56699e4903f..6bbfc503453 100644
--- a/htdocs/mrp/mo_note.php
+++ b/htdocs/mrp/mo_note.php
@@ -60,8 +60,7 @@ if ($id > 0 || !empty($ref)) {
 $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
 $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft);
 
-$permissionnote = 1;
-//$permissionnote=$user->rights->mrp->creer;	// Used by the include of actions_setnotes.inc.php
+$permissionnote = $user->rights->mrp->write;	// Used by the include of actions_setnotes.inc.php