diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php
index 65660b5fc02..b4e5712993f 100644
--- a/htdocs/contact/canvas/actions_contactcard_common.class.php
+++ b/htdocs/contact/canvas/actions_contactcard_common.class.php
@@ -284,7 +284,7 @@ class ActionsContactCardCommon
 global $conf, $user, $langs;
 // Creation utilisateur depuis contact
- if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes' && $user->rights->user->user->creer)
+ if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes')
 {
 // Recuperation contact actuel
 $result = $this->object->fetch($id);
@@ -307,7 +307,7 @@ class ActionsContactCardCommon
 }
 // Creation contact
- if ($_POST["action"] == 'add' && $user->rights->societe->contact->creer)
+ if ($_POST["action"] == 'add')
 {
 $this->assign_post();
@@ -333,7 +333,7 @@ class ActionsContactCardCommon
 }
 }
- if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes' && $user->rights->societe->contact->supprimer)
+ if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes')
 {
 $result=$this->object->fetch($id);
@@ -352,7 +352,7 @@ class ActionsContactCardCommon
 }
 }
- if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact->creer)
+ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
 {
 if (empty($_POST["name"]))
 {
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 22eefc9e3cf..f71c5fee1b9 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
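Review bot: The `add` and `update` handlers (hunks at 307 and 352) drop their inline `$user->rights->societe->contact->creer` test, but the companion restrictedArea() hunk in this same commit only adds a create-user check and widens the delete check; nothing visible in this diff re-establishes the contact-write permission for those two actions. That is only safe if the write-access check that precedes the new restrictedArea() code already recognises `add`/`update`, and if every page that runs these canvas handlers calls restrictedArea() with the contact feature before dispatching the action — both are outside this diff and should be confirmed, because a canvas action handler reached without that call now performs a create/update with no permission test at all. Until that is verified I would keep the in-handler test as defence in depth, e.g. `if ($_POST["action"] == 'add' && $user->rights->societe->contact->creer)` and likewise on the `update` branch. The method containing these handlers begins and ends outside the hunks shown.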
@@ -1679,9 +1679,19 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 //print "Write access is ok";
 }
+ // Check create user permission
+ $createuserok=1;
+ if ( GETPOST("action") && (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') )
+ {
+ if (! $user->rights->user->user->creer) $createuserok=0;
+
+ if (! $createuserok) accessforbidden();
+ //print "Create user access is ok";
+ }
+
 // Check delete permission from module
 $deleteok=1;
- if ( (GETPOST("action") && GETPOST("action") == 'confirm_delete') && (GETPOST("confirm") && GETPOST("confirm") == 'yes') )
+ if ( GETPOST("action") && ( (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') )
 {
 foreach ($features as $feature)
 {
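Review bot: The new create-user branch only gates the confirmed step (`confirm_create_user` with `confirm == 'yes'`), whereas the delete condition in the same hunk was widened to also stop the bare `'delete'` action before the confirmation dialog is shown; if the contact canvas exposes a matching pre-confirmation action for user creation, extending this condition the same way would keep the two checks symmetric and avoid offering a confirmation the user cannot complete. The `$createuserok` flag is also dead ceremony, set and tested on consecutive lines with nothing else reading it, so `if (! $user->rights->user->user->creer) accessforbidden();` expresses the whole check in one line and matches the fail-closed intent more plainly. Note that restrictedArea() starts before this hunk, so the write-access check that must now cover the contact `add`/`update` actions removed elsewhere in this commit is not visible here and should be confirmed separately.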