diff --git a/product/ERP5Type/ERP5Type.py b/product/ERP5Type/ERP5Type.py
index c6820b7b08501d9c1f9d4bf3dc067e39699d327c..91a6a50bf59da21b71daabb71041041f42ed6dff 100644
--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -235,8 +235,11 @@ class ERP5TypeInformation( FactoryTypeInformation,
                 # validate() can either raise Unauthorized or return 0 to
                 # mean unauthorized.
                 permission = self.permission
-                if permission and _checkPermission(permission, container):
-                  return m
+                if permission:
+                  if _checkPermission(permission, container):
+                    return m
+                  else:
+                    return default
                 elif getSecurityManager().validate(p, p, self.factory, m):
                   return m
             except zExceptions_Unauthorized:  # Catch *all* Unauths!