diff --git a/openerp/addons/test_access_rights/ir.model.access.csv b/openerp/addons/test_access_rights/ir.model.access.csv
index a0bd5facb02..eda40f960d9 100644
--- a/openerp/addons/test_access_rights/ir.model.access.csv
+++ b/openerp/addons/test_access_rights/ir.model.access.csv
@@ -1,2 +1,3 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_test_access_right_some_obj,access_test_access_right_some_obj,model_test_access_right_some_obj,,1,1,1,1
+access_test_access_right_container,access_test_access_right_container,model_test_access_right_container,,1,1,1,1
diff --git a/openerp/addons/test_access_rights/models.py b/openerp/addons/test_access_rights/models.py
index b7752cb3665..0b0d056b597 100644
--- a/openerp/addons/test_access_rights/models.py
+++ b/openerp/addons/test_access_rights/models.py
@@ -4,3 +4,9 @@ class SomeObj(models.Model):
     _name = 'test_access_right.some_obj'
 
     val = fields.Integer()
+
+
+class Container(models.Model):
+    _name = 'test_access_right.container'
+
+    some_ids = fields.Many2many('test_access_right.some_obj', 'test_access_right_rel', 'container_id', 'some_id')
diff --git a/openerp/addons/test_access_rights/tests/test_ir_rules.py b/openerp/addons/test_access_rights/tests/test_ir_rules.py
index 6cfb1bf9de7..81eb328ef3d 100644
--- a/openerp/addons/test_access_rights/tests/test_ir_rules.py
+++ b/openerp/addons/test_access_rights/tests/test_ir_rules.py
@@ -31,3 +31,25 @@ class TestRules(TransactionCase):
         # but this should
         with self.assertRaises(openerp.exceptions.AccessError):
             self.assertEqual(browse2.val, -1)
+
+    def test_many2many(self):
+        """ Test assignment of many2many field where rules apply. """
+        ids = [self.id1, self.id2]
+
+        # create container as superuser, connected to all some_objs
+        container_admin = self.env['test_access_right.container'].create({'some_ids': [(6, 0, ids)]})
+        self.assertItemsEqual(container_admin.some_ids.ids, ids)
+
+        # check the container as the public user
+        container_user = container_admin.sudo(self.browse_ref('base.public_user'))
+        self.assertItemsEqual(container_user.some_ids.ids, [self.id1])
+
+        # this should not fail
+        container_user.write({'some_ids': [(6, 0, ids)]})
+        self.assertItemsEqual(container_user.some_ids.ids, [self.id1])
+        self.assertItemsEqual(container_admin.some_ids.ids, ids)
+
+        # this removes accessible records only
+        container_user.write({'some_ids': [(5,)]})
+        self.assertItemsEqual(container_user.some_ids.ids, [])
+        self.assertItemsEqual(container_admin.some_ids.ids, [self.id2])