diff --git a/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java b/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java
index 9827ef1ef4..3b8dd62e21 100644
--- a/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java
+++ b/org.adempiere.pipo/src/org/adempiere/pipo2/POFinder.java
@@ -86,7 +86,14 @@ public class POFinder {
     			uuid = uuid.trim();
     			String targetUUID = Env.getAD_Client_ID(ctx.ctx) > 0 ? getTargetUUID(ctx.ctx, tableName, uuid, ctx.trx.getTrxName()) : uuid; 
     			Query query = new Query(ctx.ctx, tableName, uuidColumn+"=?", getTrxName(ctx));
-    			po = query.setParameters(targetUUID).firstOnly();
+    			/* Is possible to read here from source tenant to create in a new tenant, so safe to allow reading
+    			 * writing in wrong tenant is controlled later */
+    			try {
+    				PO.setCrossTenantSafe();
+    	   			po = query.setParameters(targetUUID).firstOnly();
+    	   		} finally {
+    	   			PO.clearCrossTenantSafe();
+    	   		}
     			if (po != null && po.getAD_Client_ID() > 0) {
     				if (po.getAD_Client_ID() > 0 && po.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) {
     					targetUUID = UUID.randomUUID().toString();
@@ -101,7 +108,15 @@ public class POFinder {
     		String id = element.properties.get(idColumn).contents.toString();
     		if (id != null && id.trim().length() > 0) {
     			Query query = new Query(ctx.ctx, tableName, idColumn+"=?", getTrxName(ctx));
-    			po = query.setParameters(Integer.valueOf(id.trim())).firstOnly();
+    			/* Allow reading from a different tenant to show user a clearer error message below
+    			 * This is, instead of "Cross tenant PO reading request" the user will see a message
+    			 * "2Pack cannot update/access record that belongs to another client" which is more explanatory */
+    			try {
+    				PO.setCrossTenantSafe();
+    				po = query.setParameters(Integer.valueOf(id.trim())).firstOnly();
+    			} finally {
+    				PO.clearCrossTenantSafe();
+    			}
     			if (po != null && po.getAD_Client_ID() > 0) {
     				if (po.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) {
     					throw new IllegalStateException("2Pack cannot update/access record that belongs to another client. TableName="+po.get_TableName()
diff --git a/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java b/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java
index 27a251be65..5424e388b9 100644
--- a/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java
+++ b/org.adempiere.pipo/src/org/adempiere/pipo2/PoFiller.java
@@ -214,7 +214,14 @@ public class PoFiller{
 				}
 				if (id > 0 && refTableName != null) {
 					if (foreignTable != null) {
-						PO subPo = foreignTable.getPO(id, po.get_TrxName());
+						/* Allow to read here from another tenant, cross tenant control is implemented later in a safe way */
+						PO subPo = null;
+		    			try {
+		    				PO.setCrossTenantSafe();
+		    				subPo = foreignTable.getPO(id, po.get_TrxName());
+		    			} finally {
+		    				PO.clearCrossTenantSafe();
+		    			}
 						if (subPo != null && subPo.getAD_Client_ID() != Env.getAD_Client_ID(ctx.ctx)) {
 							String accessLevel = foreignTable.getAccessLevel();
 							if ((MTable.ACCESSLEVEL_All.equals(accessLevel)