diff --git a/app/api/operations.py b/app/api/operations.py
index 51ba5c6189d79421ba41602d7faf1ef676907c9e..e8d87af905ad9a34985c33743b5e46922f872752 100644
--- a/app/api/operations.py
+++ b/app/api/operations.py
@@ -48,6 +48,9 @@ def operations_user_notes(uid: int):
     -----
     uid: l'id de l'utilisateur
     """
+    # --- Permission: restreint au superadmin ou à l'utilisateur lui-même
+    if not app.current_user.is_administrator() and app.current_user.id != uid:
+        return {"error": "Permission denied"}, 403
     start = int(app.request.args.get("start", 0))
     length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH)
     order = app.request.args.get("order[dir]", "desc")
diff --git a/app/scodoc/sco_etud.py b/app/scodoc/sco_etud.py
index fde983703888fe3be2b498ceddd77b78fe08fbf4..f74c3c42105ec8453ed9e2071fba54e4e35bd618 100644
--- a/app/scodoc/sco_etud.py
+++ b/app/scodoc/sco_etud.py
@@ -137,9 +137,6 @@ _identiteEditor = ndb.EditableTable(
     (
         "admission_id",
         "boursier",
-        "cas_allow_login",
-        "cas_allow_scodoc_login",
-        "cas_id",
         "civilite_etat_civil",
         "civilite",  # 'M", "F", or "X"
         "code_ine",
diff --git a/app/templates/user_board/user_board.j2 b/app/templates/user_board/user_board.j2
index 2832f95180ac2c6afdbcf2cc9f32bb11b9ac0e29..ca256a8782455f35dd7bf01b89b26fb642296e2a 100644
--- a/app/templates/user_board/user_board.j2
+++ b/app/templates/user_board/user_board.j2
@@ -115,31 +115,33 @@ div.scobox.saisies-notes {
         </div>
     {% endfor %}
 
-
-    <div class="scobox saisies-notes">
-      <div class="scobox-title">
-        Dernières saisies de notes par {{user.get_prenomnom()}}
-      </div>
-      <table id="saisies-notes" class="display" style="width:100%">
-          <thead>
-              <tr>
-                  <th>Date</th>
-                  <th>Évaluation</th>
-                  <th>Étudiant</th>
-                  <th>Note</th>
-              </tr>
-          </thead>
-          <tbody>
-              <!-- Data will be loaded dynamically via JavaScript -->
-          </tbody>
-      </table>
+  <div class="scobox saisies-notes">
+  {% if current_user.is_administrator() or current_user.id == user.id %}
+    <div class="scobox-title">
+      Dernières saisies de notes par {{user.get_prenomnom()}}
+    </div>
+    <table id="saisies-notes" class="display" style="width:100%">
+        <thead>
+            <tr>
+                <th>Date</th>
+                <th>Évaluation</th>
+                <th>Étudiant</th>
+                <th>Note</th>
+            </tr>
+        </thead>
+        <tbody>
+            <!-- Data will be loaded dynamically via JavaScript -->
+        </tbody>
+    </table>
+  {% else %}
+    <div class="help">
+      Vous n'avez pas les droits pour voir les notes de cet utilisateur.
+    </div>
+  {% endif %}
+  </div>
 </div>
 
 
-</div>
-
-
-
 {% endblock app_content %}
 
 
diff --git a/sco_version.py b/sco_version.py
index 2e58c9f14c108151ecee3cdec4a408db4ece747e..8110b6d018b207f579da34c38a96f06a8940edcb 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
 
 "Infos sur version ScoDoc"
 
-SCOVERSION = "9.7.38"
+SCOVERSION = "9.7.39"
 
 SCONAME = "ScoDoc"