diff --git a/bin/addons/base/base_data.xml b/bin/addons/base/base_data.xml
index 411a40571d91adb3c3825382fedc486a7a5062a1..ca211b4a6d5e16e90c5ff590b09d6762fb8260f3 100644
--- a/bin/addons/base/base_data.xml
+++ b/bin/addons/base/base_data.xml
@@ -1046,9 +1046,16 @@
             <test expr="currency_id.code == 'eur'.upper()"/>
             <test expr="name">OpenERP S.A.</test>
         </assert>
-        <record id="user_admin" model="res.users">
+
+        <record model="res.users" id="base.user_root">
+            <field name="signature">Administrator</field>
+            <field name="address_id" ref="main_address"/>
             <field name="company_id" ref="main_company"/>
+            <field name="company_ids" eval="[(4, ref('main_company'))]"/>
+            <field name="action_id" ref="action_menu_admin"/>
+            <field name="menu_id" ref="action_menu_admin"/>
         </record>
+
         <record id="main_partner" model="res.partner">
             <field name="company_id" ref="main_company"/>
         </record>
diff --git a/bin/addons/base/res/res_user.py b/bin/addons/base/res/res_user.py
index fe67848de6ae0ffdb6ff5777a04344519f446463..341680a23ac8811b978e2dde68e6722f2967bcae 100644
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@@ -210,6 +210,14 @@ class users(osv.osv):
                 result = map(override_password, result)
         return result
 
+
+    def _check_company(self, cr, uid, ids, context=None):
+        return all(this.company_id in this.company_ids for this in self.browse(cr, uid, ids, context))
+
+    _constraints = [
+        (_check_company, 'The chosen company is not in the allowed companies', ['company_id', 'company_ids']),
+    ]
+
     _sql_constraints = [
         ('login_key', 'UNIQUE (login)',  _('You can not have two users with the same login !'))
     ]
@@ -225,13 +233,19 @@ class users(osv.osv):
         ids = self.pool.get('ir.ui.menu').search(cr, uid, [('usage','=','menu')])
         return ids and ids[0] or False
 
-    def _get_company(self,cr, uid, context={}, uid2=False):
+    def _get_company(self,cr, uid, context=None, uid2=False):
         if not uid2:
             uid2 = uid
         user = self.pool.get('res.users').read(cr, uid, uid2, ['company_id'], context)
         company_id = user.get('company_id', False)
         return company_id and company_id[0] or False
 
+    def _get_companies(self, cr, uid, context=None):
+        c = self._get_company(cr, uid, context)
+        if c:
+            return [c]
+        return False
+
     def _get_menu(self,cr, uid, context={}):
         ids = self.pool.get('ir.actions.act_window').search(cr, uid, [('usage','=','menu')])
         return ids and ids[0] or False
@@ -247,6 +261,7 @@ class users(osv.osv):
         'menu_id': _get_menu,
         'action_id': _get_menu,
         'company_id': _get_company,
+        'company_ids': _get_companies,
         'groups_id': _get_group,
         'address_id': False,
     }
diff --git a/bin/addons/base/security/base_security.xml b/bin/addons/base/security/base_security.xml
index 1059cf4da374c320b7be7735bbb4094b3d667eb9..ba5ea19a6c8208557e2673f93efdd4919b5a4c43 100644
--- a/bin/addons/base/security/base_security.xml
+++ b/bin/addons/base/security/base_security.xml
@@ -29,18 +29,6 @@
         <field name="name">Useability / No One</field>
     </record>
 
-<!--
- Users
--->
-    <record model="res.users" id="base.user_root">
-        <field name="signature">Administrator</field>
-        <field name="address_id" ref="main_address"/>
-        <field name="company_id" ref="main_company"/>
-        <field name="action_id" ref="action_menu_admin"/>
-        <field name="menu_id" ref="action_menu_admin"/>
-    </record>
-
-
     <!-- Set accesses to menu -->
     <record model="ir.ui.menu" id="base.menu_administration">
         <field name="groups_id" eval="[(6,0, [ref('group_system'), ref('group_erp_manager')])]"/>