diff --git a/commerce.module b/commerce.module
index 7214e13..508829d 100644
--- a/commerce.module
+++ b/commerce.module
@@ -1195,7 +1195,10 @@ function commerce_entity_access_query_alter($query, $entity_type, $base_table =
     if (user_access('view any ' . $entity_type . ' entity of bundle ' . $bundle_name, $account)) {
       // Add a condition granting access if the entity specified by the view
       // query is of the same bundle.
-      $conditions->condition($base_table . '.' . $entity_info['entity keys']['bundle'], $bundle_name);
+      $conditions->condition(db_or()
+        ->condition($base_table . '.' . $entity_info['entity keys']['bundle'], $bundle_name)
+        ->isNull($base_table . '.' . $entity_info['entity keys']['id'])
+      );
     }
     elseif ($account->uid && !empty($entity_info['access arguments']['user key']) && user_access('view own ' . $entity_type . ' entities of bundle ' . $bundle_name, $account)) {
       // Otherwise if an authenticated user has access to view his own entities
@@ -1204,9 +1207,12 @@ function commerce_entity_access_query_alter($query, $entity_type, $base_table =
 
       // Add an AND condition group that grants access if the entity specified
       // by the view query matches the same bundle and belongs to the user.
-      $conditions->condition(db_and()
-        ->condition($base_table . '.' . $entity_info['entity keys']['bundle'], $bundle_name)
-        ->condition($base_table . '.' . $entity_info['access arguments']['user key'], $account->uid)
+      $conditions->condition(db_or()
+        ->condition(db_and()
+          ->condition($base_table . '.' . $entity_info['entity keys']['bundle'], $bundle_name)
+          ->condition($base_table . '.' . $entity_info['access arguments']['user key'], $account->uid)
+        )
+        ->isNull($base_table . '.' . $entity_info['entity keys']['id'])
       );
     }
     else {
@@ -1226,7 +1232,10 @@ function commerce_entity_access_query_alter($query, $entity_type, $base_table =
     // Perform 'view own' access control for the entity in the query if the user
     // is authenticated.
     if ($account->uid && user_access('view own ' . $entity_type . ' entities', $account)) {
-      $conditions->condition($base_table . '.' . $entity_info['access arguments']['user key'], $account->uid);
+      $conditions->condition(db_or()
+        ->condition($base_table . '.' . $entity_info['access arguments']['user key'], $account->uid)
+        ->isNull($base_table . '.' . $entity_info['entity keys']['id'])
+      );
     }
   }