diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index d97b70387b..4dad92b9e4 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2010-09-01 Sergio Martin
+
+	* operation/menu.php
+	  operation/events/events_rss.php: Added url parameters
+	  to the event rss to authenticate the user and fix the ACLs
+
 2010-09-01 Sergio Martin
 
 	* operation/agentes/alerts_status.php
diff --git a/pandora_console/operation/events/events_rss.php b/pandora_console/operation/events/events_rss.php
index 83d64cc062..29980d1726 100644
--- a/pandora_console/operation/events/events_rss.php
+++ b/pandora_console/operation/events/events_rss.php
@@ -26,6 +26,17 @@ $ipOrigin = $_SERVER['REMOTE_ADDR'];
 // Uncoment this to activate ACL on RSS Events
 if (!isInACL($ipOrigin))
 	exit;
+
+// Check user credentials
+$user = get_parameter('user');
+$hashup = get_parameter('hashup');
+
+$pss = get_user_info($user);
+$hashup2 = md5($user.$pss['password']);
+
+if($hashup != $hashup2){
+	exit;
+}
 
 header("Content-Type: application/xml; charset=UTF-8"); //Send header before starting to output
 
@@ -92,9 +103,14 @@ if ($id_agent != -1)
 if ($id_event != -1)
 	$sql_post .= " AND id_evento = ".$id_event;
 
+// Avoid to show system events to not administrators
+if(!check_acl($user, 0, "PM"))
+	$sql_post .= " AND `tevento`.`event_type` <> 'system'";
+
 $sql="SELECT `tevento`.`id_evento` AS event_id,
 	`tevento`.`id_agente` AS id_agent,
 	`tevento`.`id_usuario` AS validated_by,
+	`tevento`.`id_grupo` AS id_group,
 	`tevento`.`estado` AS validated,
 	`tevento`.`evento` AS event_descr,
 	`tevento`.`utimestamp` AS unix_timestamp,
@@ -130,6 +146,9 @@ if (empty ($result)) {
 }
 
 foreach ($result as $row) {
+	if (!check_acl($user, $row["id_group"], "AR")) {
+		continue;
+	}
 	if ($row["event_type"] == "system") {
 		$agent_name = __('System');
 	}
diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php
index 3dba41fbe4..074e9f70ce 100644
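Review bot: The credential check added after `isInACL()` in events_rss.php uses loose `!=` and never verifies that `$user` exists: if `get_user_info()` returns false or an empty row for an unknown name (its contract is not visible here), `$pss['password']` is null and the comparison reduces to `md5($user)`, and `!=` additionally applies PHP's numeric-string juggling to the two digests instead of a byte comparison. Reject a missing user before hashing and compare strictly (`!==`, or `hash_equals()` on PHP >= 5.6), as in the rewritten lines below. Separately, `hashup` is a long-lived token derived from the stored password hash that travels in the query string and therefore ends up in web-server logs, proxies and browser history, and nothing in this file expires or rotates it; that property belongs in a comment at the top of the check so a later maintainer does not treat the parameter as a per-request secret. The same `md5($user.$pss['password'])` construction is duplicated in operation/menu.php in this commit; a shared helper would keep the two in step if the scheme changes.
```php
$pss = get_user_info($user);
// Unknown users must not authenticate: without this, an empty row makes md5($user) a valid hashup
if (empty($pss) || empty($pss['password'])) {
	exit;
}
$hashup2 = md5($user.$pss['password']);

// Strict comparison only; '!=' juggles numeric-looking strings (use hash_equals() where available)
if ($hashup !== $hashup2) {
	exit;
}
```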
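Review bot: The per-event `check_acl($user, $row["id_group"], "AR")` inserted at the top of the `foreach` in events_rss.php filters after the whole result set has been fetched, so if the query is limited further down (not visible in this hunk) the limit is counted before group filtering and the feed can come back with fewer items than requested; if `check_acl()` is backed by a query, it is also one lookup per event row. Building an `id_grupo IN (...)` clause from the user's readable groups into `$sql_post`, next to the `event_type <> 'system'` clause the same commit adds for non-PM users, would move the filter into SQL and keep the two ACL rules in one place. The `foreach` body continues outside the hunk.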
--- a/pandora_console/operation/menu.php
+++ b/pandora_console/operation/menu.php
@@ -170,8 +170,11 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 	$sub["operation/events/event_statistics"]["text"] = __('Statistics');
 
 	//RSS
-	$sub["operation/events/events_rss.php"]["text"] = __('RSS');
-	$sub["operation/events/events_rss.php"]["type"] = "direct";
+	$pss = get_user_info($config['id_user']);
+	$hashup = md5($config['id_user'].$pss['password']);
+
+	$sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup]["text"] = __('RSS');
+	$sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup]["type"] = "direct";
 
 	//CSV
 	$sub["operation/events/export_csv.php"]["text"] = __('CSV File');
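Review bot: The two new `$sub[...]` keys concatenate `$config['id_user']` straight into a query string without `urlencode()`, so a user id containing `&`, `=`, `+` or whitespace produces a `user` parameter that events_rss.php no longer hashes to the same value, and the link silently stops authenticating. Building the query once with `$query = http_build_query(['user' => $config['id_user'], 'hashup' => $hashup]);` and using `"operation/events/events_rss.php?".$query` for both keys fixes the encoding and removes the duplicated literal. Worth a comment on the `$hashup` line as well: the value is a password-derived token that does not expire, so wherever this menu entry is rendered the link itself is a credential. The enclosing `if (give_acl(...))` block starts before the hunk.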