diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb
index 68d98bd568..9f9c96cb15 100644
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -43,12 +43,12 @@ class AbilityDecorator
 # Enterprise User can only access products that they are a supplier for
 can [:create], Spree::Product
 can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product|
- user.enterprises.include? product.supplier
+ OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier
 end
 can [:create], Spree::Variant
 can [:admin, :index, :read, :edit, :update, :search, :destroy], Spree::Variant do |variant|
- user.enterprises.include? variant.product.supplier
+ OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? variant.product.supplier
 end
 can [:admin, :index, :read, :create, :edit, :update_positions, :destroy], Spree::ProductProperty
diff --git a/spec/features/admin/bulk_product_update_spec.rb b/spec/features/admin/bulk_product_update_spec.rb
index c4dbba32fd..9f530f860c 100644
--- a/spec/features/admin/bulk_product_update_spec.rb
+++ b/spec/features/admin/bulk_product_update_spec.rb
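Review bot: In app/models/spree/ability_decorator.rb the comment above these rules still reads "can only access products that they are a supplier for", but both blocks now authorize against `OpenFoodNetwork::Permissions.new(user).managed_product_enterprises`, which, judging by the specs in this commit, also covers enterprises that granted `manage_products` through a relationship. I would update it to something like `# Enterprise users can access products of enterprises they manage or hold manage_products permission for`, and state there that the grant includes `:destroy`, `:clone` and `:bulk_update`, so the scope of the delegation is visible where it is enforced. The permissions object is also rebuilt inside each block, i.e. once per product or variant checked; assigning it once above the two rules, e.g. `permitted = OpenFoodNetwork::Permissions.new(user).managed_product_enterprises`, would keep both checks on the same set, assuming the result can be reused across calls. The enclosing method starts and ends outside the hunk.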
@@ -780,19 +780,19 @@ feature %q{
 end
 it "allows me to update a product" do
- p = product_supplied
+ p = product_supplied_permitted
 visit '/admin/products/bulk_edit'
 first("div#columns_dropdown", :text => "COLUMNS").click
 first("div#columns_dropdown div.menu div.menu_item", text: "Available On").click
- expect(page).to have_field "product_name", with: p.name
- expect(page).to have_select "producer", selected: supplier_managed1.name
- expect(page).to have_field "available_on", with: p.available_on.strftime("%F %T")
- expect(page).to have_field "price", with: "10.0"
- expect(page).to have_field "on_hand", with: "6"
+ within "tr#p_#{p.id}" do
+ expect(page).to have_field "product_name", with: p.name
+ expect(page).to have_select "producer", selected: supplier_permitted.name
+ expect(page).to have_field "available_on", with: p.available_on.strftime("%F %T")
+ expect(page).to have_field "price", with: "10.0"
+ expect(page).to have_field "on_hand", with: "6"
- within("tr#p_#{product_supplied.id}") do
 fill_in "product_name", with: "Big Bag Of Potatoes"
 select(supplier_managed2.name, :from => 'producer')
 fill_in "available_on", with: (Date.today-3).strftime("%F %T")
diff --git a/spec/models/spree/ability_spec.rb b/spec/models/spree/ability_spec.rb
index 9e5ae49780..cf17d7fe3a 100644
--- a/spec/models/spree/ability_spec.rb
+++ b/spec/models/spree/ability_spec.rb
@@ -51,14 +51,17 @@ module Spree
 # create enterprises
 let(:s1) { create(:supplier_enterprise) }
 let(:s2) { create(:supplier_enterprise) }
+ let(:s_related) { create(:supplier_enterprise) }
 let(:d1) { create(:distributor_enterprise) }
 let(:d2) { create(:distributor_enterprise) }
 let(:p1) { create(:product, supplier: s1, distributors:[d1, d2]) }
 let(:p2) { create(:product, supplier: s2, distributors:[d1, d2]) }
+ let(:p_related) { create(:product, supplier: s_related) }
 let(:er1) { create(:enterprise_relationship, parent: s1, child: d1) }
 let(:er2) { create(:enterprise_relationship, parent: d1, child: s1) }
+ let(:er_p) { create(:enterprise_relationship, parent: s_related, child: s1, permissions_list: [:manage_products]) }
 subject { user }
 let(:user) { nil }
@@ -74,12 +77,20 @@ module Spree
 let(:order) {create(:order)}
- it "should be able to read/write their enterprises' products" do
+ it "should be able to read/write their enterprises' products and variants" do
 should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p1)
+ should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p1.master)
 end
- it "should not be able to read/write other enterprises' products" do
+ it "should be able to read/write related enterprises' products and variants with manage_products permission" do
+ er_p
+ should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p_related)
+ should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p_related.master)
+ end
+
+ it "should not be able to read/write other enterprises' products and variants" do
 should_not have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p2)
+ should_not have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p2.master)
 end
 it "should not be able to access admin actions on orders" do
@@ -247,7 +258,7 @@ module Spree
 end
 end
- context 'Enterprise manager' do
+ context 'enterprise manager' do
 let (:user) do
 user = create(:user)
 user.spree_roles = []
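Review bot: The new examples in spec/models/spree/ability_spec.rb (first hunk here, using the `s_related`/`er_p` fixtures added in the hunk before) assert the grant but not its limits: nothing shows that a relationship without `:manage_products` leaves `p_related` inaccessible, or that a manager of `s_related` gains nothing over `p1` from the same relationship. Since the rule now hands out `:update` and `:destroy` across enterprises, I would add a negative example along the lines of `create(:enterprise_relationship, parent: s_related, child: s1)` followed by `should_not have_ability([:admin, :read, :update, :destroy], for: p_related)`; this assumes the factory's default `permissions_list` is empty. The enclosing context and its `user` setup are outside the hunk, so the direction of the relationship relative to the signed-in user is inferred from the example names.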