diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index c7dcfc05cc3..8f534756aa4 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
@@ -94,6 +94,8 @@ $permissiontoreadhr = $user->hasRight('hrm', 'read_personal_information', 'read'
 $permissiontowritehr = $user->hasRight('hrm', 'write_personal_information', 'write');
 $permissiontosimpleedit = ($selfpermission || $canadduser);
+$childids = $user->getAllChildIds(1);
+
 // Ok if user->hasRight('salaries', 'readall') or user->hasRight('hrm', 'read')
 //$result = restrictedArea($user, 'salaries|hrm', $object->id, 'user&user', $feature2);
 $ok = false;
@@ -106,9 +108,13 @@ if ($user->hasRight('salaries', 'readall')) {
 if ($user->hasRight('hrm', 'read')) {
 $ok = true;
 }
-if ($user->hasRight('expensereport', 'lire') && ($user->id == $object->id || $user->hasRight('expensereport', 'readall'))) {
+if ($user->hasRight('expensereport', 'readall') || ($user->hasRight('expensereport', 'readall') && in_array($object->id, $childids))) {
 $ok = true;
 }
+if ($user->hasRight('holiday', 'readall') || ($user->hasRight('holiday', 'read') && in_array($object->id, $childids))) {
+ $ok = true;
+}
+var_dump($ok);
 if (!$ok) {
 accessforbidden();
 }
@@ -277,8 +283,6 @@ if (getDolGlobalString('MAIN_USE_EXPENSE_IK')) {
 $form = new Form($db);
 $formcompany = new FormCompany($db);
-$childids = $user->getAllChildIds(1);
-
 $person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname;
 $title = $person_name." - ".$langs->trans('BankAccounts');
 $help_url = '';
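Review bot: In the second hunk the rewritten expensereport test is `hasRight('expensereport', 'readall') || (hasRight('expensereport', 'readall') && in_array($object->id, $childids))`, so the subordinate branch can never grant anything and the old own-record case (`$user->id == $object->id`) is gone. If hierarchy-based access was the intent, it presumably should read `$user->hasRight('expensereport', 'readall') || ($user->hasRight('expensereport', 'lire') && ($user->id == $object->id || in_array($object->id, $childids)))`. The added `var_dump($ok);` sits directly before the `accessforbidden()` gate and prints the authorization result into every response for this page, so it should be removed before merge. The new holiday test lets any holder of `holiday` `readall` open another user's bank page, which widens access to bank details beyond the salaries/hrm rule stated in the comment above the checks; confirm that is intended and update that comment, e.g. `// Also ok with expensereport/holiday readall, or the read right on a subordinate`. The chain of `$ok` checks starts above the hunk, so the full gate is not visible here.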