diff --git a/fusion_plating/fusion_plating_portal/controllers/portal.py b/fusion_plating/fusion_plating_portal/controllers/portal.py
index 5e257c25..7048e855 100644
--- a/fusion_plating/fusion_plating_portal/controllers/portal.py
+++ b/fusion_plating/fusion_plating_portal/controllers/portal.py
@@ -392,7 +392,11 @@ class FpCustomerPortal(CustomerPortal):
         po_count = SO.search_count(po_domain)
 
         # Recent jobs (5)
-        Job = request.env['fusion.plating.portal.job']
+        # sudo() so the rendered cards can traverse job.x_fc_job_id -> fp.job
+        # -> sale_order_id without hitting the portal user's ACL block on
+        # fp.job. Domain still filters to the customer's own commercial
+        # partner tree, so sudo doesn't widen visibility.
+        Job = request.env['fusion.plating.portal.job'].sudo()
         job_domain = [('partner_id', 'child_of', commercial.id)]
         recent_jobs = Job.search(
             job_domain, order='received_date desc, id desc', limit=5
@@ -778,7 +782,11 @@ class FpCustomerPortal(CustomerPortal):
     def portal_my_jobs(self, page=1, sortby=None, **kw):
         partner = request.env.user.partner_id
         commercial = partner.commercial_partner_id
-        Job = request.env['fusion.plating.portal.job']
+        # sudo() so the rendered cards can traverse job.x_fc_job_id -> fp.job
+        # -> sale_order_id without hitting the portal user's ACL block on
+        # fp.job. Domain still filters to the customer's own commercial
+        # partner tree, so sudo doesn't widen visibility.
+        Job = request.env['fusion.plating.portal.job'].sudo()
         domain = [('partner_id', 'child_of', commercial.id)]
 
         searchbar_sortings = {
@@ -1199,7 +1207,11 @@ class FpCustomerPortal(CustomerPortal):
     def portal_my_certifications(self, page=1, sortby=None, **kw):
         partner = request.env.user.partner_id
         commercial = partner.commercial_partner_id
-        Job = request.env['fusion.plating.portal.job']
+        # sudo() so the rendered cards can traverse job.x_fc_job_id -> fp.job
+        # -> sale_order_id without hitting the portal user's ACL block on
+        # fp.job. Domain still filters to the customer's own commercial
+        # partner tree, so sudo doesn't widen visibility.
+        Job = request.env['fusion.plating.portal.job'].sudo()
         domain = [
             ('partner_id', 'child_of', commercial.id),
             ('coc_attachment_id', '!=', False),