diff --git a/openerp/addons/test_access_rights/__init__.py b/openerp/addons/test_access_rights/__init__.py
new file mode 100644
index 00000000000..89d26e2f597
--- /dev/null
+++ b/openerp/addons/test_access_rights/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+import models
diff --git a/openerp/addons/test_access_rights/__openerp__.py b/openerp/addons/test_access_rights/__openerp__.py
new file mode 100644
index 00000000000..bcccb90fd99
--- /dev/null
+++ b/openerp/addons/test_access_rights/__openerp__.py
@@ -0,0 +1,6 @@
+{
+    'name': 'test of access rights and rules',
+    'description': "Testing of access restrictions",
+    'version': '0.0.1',
+    'data': ['ir.model.access.csv'],
+}
diff --git a/openerp/addons/test_access_rights/ir.model.access.csv b/openerp/addons/test_access_rights/ir.model.access.csv
new file mode 100644
index 00000000000..a0bd5facb02
--- /dev/null
+++ b/openerp/addons/test_access_rights/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_test_access_right_some_obj,access_test_access_right_some_obj,model_test_access_right_some_obj,,1,1,1,1
diff --git a/openerp/addons/test_access_rights/models.py b/openerp/addons/test_access_rights/models.py
new file mode 100644
index 00000000000..b7752cb3665
--- /dev/null
+++ b/openerp/addons/test_access_rights/models.py
@@ -0,0 +1,6 @@
+from openerp import fields, models
+
+class SomeObj(models.Model):
+    _name = 'test_access_right.some_obj'
+
+    val = fields.Integer()
diff --git a/openerp/addons/test_access_rights/tests/__init__.py b/openerp/addons/test_access_rights/tests/__init__.py
new file mode 100644
index 00000000000..6e1c696fc37
--- /dev/null
+++ b/openerp/addons/test_access_rights/tests/__init__.py
@@ -0,0 +1 @@
+import test_ir_rules
diff --git a/openerp/addons/test_access_rights/tests/test_ir_rules.py b/openerp/addons/test_access_rights/tests/test_ir_rules.py
new file mode 100644
index 00000000000..6cfb1bf9de7
--- /dev/null
+++ b/openerp/addons/test_access_rights/tests/test_ir_rules.py
@@ -0,0 +1,33 @@
+import openerp.exceptions
+from openerp.tests.common import TransactionCase
+
+class TestRules(TransactionCase):
+    def setUp(self):
+        super(TestRules, self).setUp()
+
+        self.id1 = self.env['test_access_right.some_obj']\
+            .create({'val': 1}).id
+        self.id2 = self.env['test_access_right.some_obj']\
+            .create({'val': -1}).id
+        # create a global rule forbidding access to records with a negative
+        # (or zero) val
+        self.env['ir.rule'].create({
+            'name': 'Forbid negatives',
+            'model_id': self.browse_ref('test_access_rights.model_test_access_right_some_obj').id,
+            'domain_force': "[('val', '>', 0)]"
+        })
+
+    def test_basic_access(self):
+        env = self.env(user=self.browse_ref('base.public_user'))
+
+        # put forbidden record in cache
+        browse2 = env['test_access_right.some_obj'].browse(self.id2)
+        # this is the one we want
+        browse1 = env['test_access_right.some_obj'].browse(self.id1)
+
+        # this should not blow up
+        self.assertEqual(browse1.val, 1)
+
+        # but this should
+        with self.assertRaises(openerp.exceptions.AccessError):
+            self.assertEqual(browse2.val, -1)