diff --git a/dictionaries/en.dictionary.itop.ui.php b/dictionaries/en.dictionary.itop.ui.php
index dd811c5d8..f28d0c3e0 100644
--- a/dictionaries/en.dictionary.itop.ui.php
+++ b/dictionaries/en.dictionary.itop.ui.php
@@ -775,7 +775,7 @@ Dict::Add('EN US', 'English', 'English', array(
 'UI:Title:DeletionOf_Object' => 'Deletion of %1$s',
 'UI:Title:BulkDeletionOf_Count_ObjectsOf_Class' => 'Bulk deletion of %1$d objects of class %2$s',
 'UI:Delete:NotAllowedToDelete' => 'You are not allowed to delete this object',
- 'UI:Delete:NotAllowedToUpdate_Fields' => 'You are not allowed to update the following field(s): %1$s',
+ 'UI:Error:ActionNotAllowed' => 'You are not allowed to do this action',
 'UI:Error:NotEnoughRightsToDelete' => 'This object could not be deleted because the current user do not have sufficient rights',
 'UI:Error:CannotDeleteBecause' => 'This object could not be deleted because: %1$s',
 'UI:Error:CannotDeleteBecauseOfDepencies' => 'This object could not be deleted because some manual operations must be performed prior to that',
diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php
index 3d4c86cdc..49acc5b77 100644
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -758,6 +758,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 'UI:Title:BulkDeletionOf_Count_ObjectsOf_Class' => 'Suppression massive de %1$d objets de type %2$s',
 'UI:Delete:NotAllowedToDelete' => 'Vous n\'êtes pas autorisé à supprimer cet objet',
 'UI:Delete:NotAllowedToUpdate_Fields' => 'Vous n\'êtes pas autorisé à mettre à jour les champs suivants : %1$s',
+ 'UI:Error:ActionNotAllowed' => 'Vous n\'êtes pas autorisé à effectuer cette action',
 'UI:Error:NotEnoughRightsToDelete' => 'Cet objet ne peut pas être supprimé car l\'utilisateur courant n\'a pas les droits nécessaires.',
 'UI:Error:CannotDeleteBecause' => 'Cet objet ne peut pas être effacé. Raison: %1$s',
 'UI:Error:CannotDeleteBecauseOfDepencies' => 'Cet objet ne peut pas être supprimé, des opérations manuelles sont nécessaire avant sa suppression.',
diff --git a/pages/UI.php b/pages/UI.php
index 3fcc41c10..4568aee3b 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -1497,7 +1497,15 @@ EOF
 {
 throw new ApplicationException(Dict::Format('UI:Error:3ParametersMissing', 'class', 'id', 'stimulus'));
 }
- $oObj = MetaModel::GetObject($sClass, $id, false);
+ $aStimuli = MetaModel::EnumStimuli($sClass);
+ if ((get_class($aStimuli[$sStimulus]) !== 'StimulusUserAction') || (UserRights::IsStimulusAllowed($sClass, $sStimulus) === UR_ALLOWED_NO))
+ {
+ $sUser = UserRights::GetUser();
+ IssueLog::Error("UI.php '$operation' : Stimulus '$sStimulus' not allowed ! data: user='$sUser', class='$sClass'");
+ throw new ApplicationException(Dict::S('UI:Error:ActionNotAllowed'));
+ }
+
+ $oObj = MetaModel::GetObject($sClass, $id, false);
 if ($oObj != null)
 {
 $aPrefillFormParam = array( 'user' => $_SESSION["auth_user"],
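Review bot: `$aStimuli[$sStimulus]` is indexed before anything verifies that `$sStimulus`, which comes from the request, names a stimulus of `$sClass`, so an unknown value passes `null` to `get_class()` — a TypeError on PHP 8, and on older versions a denial only because `false !== 'StimulusUserAction'` happens to hold; guard it explicitly, `if (!isset($aStimuli[$sStimulus]) || (get_class($aStimuli[$sStimulus]) !== 'StimulusUserAction') || (UserRights::IsStimulusAllowed($sClass, $sStimulus) === UR_ALLOWED_NO))`. The same condition, log line and denial are repeated verbatim in the second hunk (@@ -1545), so one helper taking `$sClass`, `$sStimulus` and `$operation` would keep the two operations from drifting apart. Comparing against `UR_ALLOWED_NO` denies only that one value; if IsStimulusAllowed can return anything besides yes/no, `!== UR_ALLOWED_YES` is the fail-closed form. `$sStimulus` is also interpolated raw into the IssueLog message, so if it can carry line breaks a request can split the log record — strip control characters or pass it through the log's formatter first. The enclosing operation block begins before the hunk.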
@@ -1545,6 +1553,13 @@ EOF
 $sMessage = Dict::S('UI:Error:ObjectAlreadyUpdated');
 $sSeverity = 'info';
 }
+ elseif ((get_class($aStimuli[$sStimulus]) !== 'StimulusUserAction') || (UserRights::IsStimulusAllowed($sClass, $sStimulus) === UR_ALLOWED_NO))
+ {
+ $sUser = UserRights::GetUser();
+ IssueLog::Error("UI.php '$operation' : Stimulus '$sStimulus' not allowed ! data: user='$sUser', class='$sClass'");
+ $sMessage = Dict::S('UI:Error:ActionNotAllowed');
+ $sSeverity = 'error';
+ }
 else
 {
 $sActionLabel = $aStimuli[$sStimulus]->GetLabel();
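Review bot: The new `elseif` is evaluated only after the preceding branch has decided 'UI:Error:ObjectAlreadyUpdated', so a caller who is not allowed to apply the stimulus first learns whether the object changed underneath them; an authorization denial should be the first test of the chain, ahead of any state-dependent branch, as the first hunk does by denying before loading the object. `$aStimuli` is read here but not assigned within the hunk, so it presumably comes from earlier in this operation — worth confirming, since the enclosing block starts before the hunk. The first hunk throws an ApplicationException for the same denial while this one renders `$sSeverity = 'error'`; a one-line comment explaining why the apply path reports instead of throwing would help the next reader.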