diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
index 1586c52ef63..d193c943450 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
@@ -86,7 +86,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
 List policies = _iamSrv.listAclPolicies(account.getAccountId());
- boolean isAllowed = _iamSrv.isAPIAccessibleForPolicies(commandName, policies);
+ boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
 if (!isAllowed) {
 throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
 }
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
index fa746044ff4..e180000ee5b 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
@@ -25,9 +25,9 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.acl.api.AclApiService;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
 import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.IAMService;
 import com.cloud.acl.DomainChecker;
 import com.cloud.domain.dao.DomainDao;
@@ -47,10 +47,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 @Inject
 DomainDao _domainDao;
 @Inject
- AclGroupAccountMapDao _aclGroupAccountMapDao;
-
- @Inject
- AclPolicyPermissionDao _policyPermissionDao;
+ IAMService _iamSrv;
 @Override
@@ -74,15 +71,15 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 HashMap policyPermissionMap = new HashMap();
 for (AclPolicy policy : policies) {
- List permissions = new ArrayList();
+ List permissions = new ArrayList();
 if (action != null) {
- permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(),
- action, entityType);
+ permissions = _iamSrv.listPolicyPermissionByEntityType(policy.getId(), action, entityType);
 } else {
- permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType);
+ permissions = _iamSrv.listPolicyPermissionByAccessType(policy.getId(), accessType.toString(),
+ entityType, action);
 }
- for (AclPolicyPermissionVO permission : permissions) {
+ for (AclPolicyPermission permission : permissions) {
 if (checkPermissionScope(caller, permission.getScope(), entity)) {
 if (permission.getEntityType().equals(entityType)) {
 policyPermissionMap.put(policy, permission.getPermission().isGranted());
@@ -109,13 +106,13 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 return false;
 }
- private boolean checkPermissionScope(Account caller, PermissionScope scope, ControlledEntity entity) {
+ private boolean checkPermissionScope(Account caller, String scope, ControlledEntity entity) {
- if(scope.equals(PermissionScope.ACCOUNT)){
+ if (scope.equals(PermissionScope.ACCOUNT.name())) {
 if(caller.getAccountId() == entity.getAccountId()){
 return true;
 }
-}else if(scope.equals(PermissionScope.DOMAIN)){
+ } else if (scope.equals(PermissionScope.DOMAIN.name())) {
 if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
 return true;
 }
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
index 344e59c2e46..12ecf8b3d10 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
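Review bot: In the `else` branch the new call `_iamSrv.listPolicyPermissionByAccessType(policy.getId(), accessType.toString(), entityType, action)` is always made with `action == null`, because that branch is reached only when the `if (action != null)` test above it fails, so the `action` argument added here never carries a value from this call site. Whether a null action then matches every permission row or none depends on how the DAO's search criteria binds a null parameter, which is not visible in this diff; the intended meaning ("any action for this access type", presumably) should be stated at the call and handled explicitly rather than left to the binding. `accessType.toString()` also throws if `accessType` is null, which the old code passed through unchanged. The enclosing method starts and ends outside this hunk.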
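Review bot: `checkPermissionScope` now compares a plain `String` with `scope.equals(PermissionScope.ACCOUNT.name())`, so a null scope coming from `permission.getScope()` throws a NullPointerException instead of being treated as "no match" as the old enum comparison would have done for a non-matching value. Reversing the operands keeps the comparison null-safe: `if (PermissionScope.ACCOUNT.name().equals(scope)) {` and `} else if (PermissionScope.DOMAIN.name().equals(scope)) {`. Alternatively converting once with `PermissionScope.valueOf(scope)` would reject unknown scope strings loudly instead of letting them fall through silently. The method's remaining branches and its final return are outside the hunk.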
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@@ -60,8 +60,6 @@ public interface AclApiService {
 AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
- boolean isAPIAccessibleForPolicies(String apiName, List policies);
-
 List getEffectivePolicies(Account caller, ControlledEntity entity);
 /* Response Generation */
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 02d015cefeb..b117d0c5671 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -174,7 +174,8 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 List policies = _iamSrv.listAclPolicies(accountId);
 AclPolicyPermission curPerm = null;
 for (AclPolicy policy : policies) {
- List perms = _iamSrv.listPollcyPermissionByEntityType(policy.getId(), action, entityType);
+ List perms = _iamSrv.listPolicyPermissionByEntityType(policy.getId(), action,
+ entityType);
 if (perms == null || perms.size() == 0) continue;
 AclPolicyPermission perm = perms.get(0); // just pick one
@@ -190,12 +191,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 }
-
- @Override
- public boolean isAPIAccessibleForPolicies(String apiName, List policies) {
- return _iamSrv.isAPIAccessibleForPolicies(apiName, policies);
- }
-
 @Override
 public List getEffectivePolicies(Account caller, ControlledEntity entity) {
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index f85803b7b72..2d303d1493c 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -66,12 +66,14 @@ public interface IAMService {
 List listPolicyPermissionsByScope(long policyId, String action, String scope);
- List listPollcyPermissionByEntityType(long policyId, String action, String entityType);
+ List listPolicyPermissionByEntityType(long policyId, String action, String entityType);
- boolean isAPIAccessibleForPolicies(String apiName, List policies);
+ boolean isActionAllowedForPolicies(String action, List policies);
 List getGrantedEntities(long accountId, String action, String scope);
 AclPolicy resetAclPolicy(long aclPolicyId);
+ List listPolicyPermissionByAccessType(long policyId, String accessType, String entityType, String action);
+
 }
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 3696bb96d29..e6fcdcdca4f 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -601,9 +601,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 }
 @Override
- public boolean isAPIAccessibleForPolicies(String apiName, List policies) {
+ public boolean isActionAllowedForPolicies(String action, List policies) {
- boolean accessible = false;
+ boolean allowed = false;
 List policyIds = new ArrayList();
 for (AclPolicy policy : policies) {
@@ -616,14 +616,15 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 SearchCriteria sc = sb.create();
 sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
+ sc.setParameters("action", action);
 List permissions = _policyPermissionDao.customSearch(sc, null);
 if (permissions != null && !permissions.isEmpty()) {
- accessible = true;
+ allowed = true;
 }
- return accessible;
+ return allowed;
 }
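Review bot: The new `listPolicyPermissionByAccessType(long policyId, String accessType, String entityType, String action)` declaration carries no Javadoc, and nothing on the interface says how the `accessType` and `action` filters combine or whether `action` may be null, which the caller added in RoleBasedEntityAccessChecker relies on. A short Javadoc stating the filter semantics and the meaning of a null `action` would close that gap, and placing the declaration next to `listPolicyPermissionByEntityType` rather than after `resetAclPolicy` keeps the two sibling lookups together. The renamed `isActionAllowedForPolicies(String action, List policies)` would likewise benefit from a line saying under which condition it returns true, since RoleBasedAPIAccessChecker turns its result directly into a PermissionDeniedException.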
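Review bot: `sc.setParameters("action", action)` binds a condition named `action` on criteria created from `sb`, but `sb` is assembled between the two hunks of this method and the diff does not show it gaining an `action` condition; unless that was added elsewhere in the file, the parameter names a condition the builder never declares, and the same question applies to `fullSearch` in AclPolicyPermissionDaoImpl.listByPolicyAccessAndEntity further down. Separately, `allowed` becomes true whenever any row matches, so if `sb` does not also constrain the permission column, a row that explicitly denies `action` would still make this method return true; because this value decides API access in RoleBasedAPIAccessChecker, the criteria should check the grant flag (the permission objects expose `getPermission().isGranted()` elsewhere in this diff) or the method should document that only allow rows are ever stored. The loop over `policies` that fills `policyIds` is not visible in the hunk.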
@@ -664,13 +665,21 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 }
 @Override
- public List listPollcyPermissionByEntityType(long policyId, String action, String entityType) {
+ public List listPolicyPermissionByEntityType(long policyId, String action, String entityType) {
 List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
 List pl = new ArrayList();
 pl.addAll(pp);
 return pl;
 }
+ @Override
+ public List listPolicyPermissionByAccessType(long policyId, String accessType, String entityType, String action) {
+ List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType, action);
+ List pl = new ArrayList();
+ pl.addAll(pp);
+ return pl;
+ }
+
 @Override
 public AclPolicy getResourceOwnerPolicy() {
 return _aclPolicyDao.findByName("RESOURCE_OWNER");
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
index f2da895aa2f..5abadf948e8 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
@@ -33,6 +33,6 @@ public interface AclPolicyPermissionDao extends GenericDao listByPolicyActionAndEntity(long policyId, String action, String entityType);
- List listByPolicyAccessAndEntity(long id, String accessType, String entityType);
+ List listByPolicyAccessAndEntity(long id, String accessType, String entityType, String action);
 }
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
index d738e007e48..b014cb494fd 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
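Review bot: `listPolicyPermissionByAccessType` repeats the copy idiom of `listPolicyPermissionByEntityType` directly above it (an empty `new ArrayList()` followed by `pl.addAll(pp)` and `return pl`), where the ArrayList copy constructor does the same in one statement: `List pl = new ArrayList(pp); return pl;` with the element type the file declares. Both methods also hand the DAO result to `addAll` without a null guard; if the DAO can return null (the AclApiServiceImpl hunk in this diff checks `perms == null` on the result of the sibling method), that is a NullPointerException rather than an empty list. Neither method documents what a null `action` or `accessType` means, which matters because the RoleBasedEntityAccessChecker caller passes a null `action` on one path.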
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
@@ -104,11 +104,12 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase listByPolicyAccessAndEntity(long policyId, String accessType,
- String entityType) {
+ String entityType, String action) {
 SearchCriteria sc = fullSearch.create();
 sc.setParameters("policyId", policyId);
 sc.setParameters("entityType", entityType);
 sc.setParameters("accessType", accessType);
+ sc.setParameters("action", action);
 return listBy(sc);
 }
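Review bot: `sc.setParameters("action", action)` is added unconditionally, yet the only caller of `listByPolicyAccessAndEntity` in this diff (RoleBasedEntityAccessChecker, via IAMServiceImpl) reaches it with `action == null`; if a null parameter binds as an equality against null the query returns nothing for that caller, and if the criteria turns it into an IS NULL test it returns only rows with no action, so the meaning of a null `action` must be decided and written down on this method. If the intent is "any action", guard the line: `if (action != null) { sc.setParameters("action", action); }` and say so in a comment. Whether `fullSearch` declares an `action` condition at all is raised on the IAMServiceImpl hunk above, which has the same dependency on a builder outside its hunk.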