diff --git a/addons/document/document.py b/addons/document/document.py
index 1671b6bc1ba..a841f071b91 100644
--- a/addons/document/document.py
+++ b/addons/document/document.py
@@ -69,11 +69,17 @@ class document_file(osv.osv):
     ]
 
     def check(self, cr, uid, ids, mode, context=None, values=None):
-        """Check access wrt. res_model, relax the rule of ir.attachment parent
-        With 'document' installed, everybody will have access to attachments of
-        any resources they can *read*.
-        """
-        return super(document_file, self).check(cr, uid, ids, mode='read', context=context, values=values)
+        super(document_file, self).check(cr, uid, ids, mode, context=context, values=values)
+        if ids:
+            # use SQL to avoid recursive loop on read
+            cr.execute('SELECT id, parent_id from ir_attachment WHERE id in %s', (tuple(ids),))
+
+            parent_ids = []
+            for attach_id, attach_parent in cr.fetchall():
+                if attach_parent:
+                    parent_ids.append(attach_parent)
+
+            self.pool.get('document.directory').check_access_rule(cr, uid, parent_ids, mode, context=context)
 
     def search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False):
         # Grab ids, bypassing 'count'
diff --git a/addons/document/security/document_security.xml b/addons/document/security/document_security.xml
index b67ffb4548d..d8462d07386 100644
--- a/addons/document/security/document_security.xml
+++ b/addons/document/security/document_security.xml
@@ -37,56 +37,6 @@
         <field eval="0" name="perm_read"/>
         <field eval="1" name="perm_create"/>
     </record>
-    
-     <record id="ir_rule_readpublicdocuments0" model="ir.rule">
-        <field name="model_id" ref="base.model_ir_attachment"/>
-        <field name="domain_force">[
-            '|',
-                '|',
-                    '|',
-                        ('parent_id','=',False),
-                        ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
-                    ('parent_id.user_id', '=', user.id),
-                '&amp;',
-                    ('parent_id.user_id', '=', False),
-                    ('parent_id.group_ids','=',False), 
-            '|',
-                '|',
-                    ('company_id','=',False),
-                    ('company_id','child_of',[user.company_id.id]),
-                ('company_id.child_ids','child_of',[user.company_id.id])]
-        </field>
-        <field name="name">Read public documents</field>
-        <field eval="0" name="global"/>
-        <field eval="[(6,0,[ref('base.group_user')])]" name="groups"/>
-        <field eval="0" name="perm_unlink"/>
-        <field eval="0" name="perm_write"/>
-        <field eval="1" name="perm_read"/>
-        <field eval="0" name="perm_create"/>
-    </record>
-    
-    <record id="ir_rule_documentmodifyowndocuments0" model="ir.rule">
-        <field name="model_id" ref="base.model_ir_attachment"/>
-        <field name="domain_force">[
-            '|',
-                ('parent_id.user_id', '=', user.id),
-                '&amp;',
-                    ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
-                    ('parent_id.user_id','=',False),
-            '|',
-                '|',
-                    ('company_id','=',False),
-                    ('company_id','child_of',[user.company_id.id]),
-                ('company_id.child_ids','child_of',[user.company_id.id])]
-        </field>
-        <field name="name">Document modify own document</field>
-        <field eval="0" name="global"/>
-        <field eval="[(6,0,[ref('base.group_document_user')])]" name="groups"/>
-        <field eval="1" name="perm_unlink"/>
-        <field eval="1" name="perm_write"/>
-        <field eval="0" name="perm_read"/>
-        <field eval="1" name="perm_create"/>
-    </record>
-    
+        
 </data>
 </openerp>