diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
index 87f490b0b38..47576119a73 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyPermissionVO.java
@@ -60,6 +60,9 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
 @Column(name = "permission")
 @Enumerated(value = EnumType.STRING)
 private Permission permission;
+
+ @Column(name = "recursive")
+ private Boolean recursive;
 @Column(name = GenericDao.REMOVED_COLUMN)
 private Date removed;
@@ -72,7 +75,7 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
 }
 public AclPolicyPermissionVO(long aclPolicyId, String action, String entityType, String accessType, String scope,
- Long scopeId, Permission permission) {
+ Long scopeId, Permission permission, Boolean recursive) {
 this.aclPolicyId = aclPolicyId;
 this.action = action;
 this.entityType = entityType;
@@ -80,6 +83,7 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
 this.scope = scope;
 this.scopeId = scopeId;
 this.permission = permission;
+ this.recursive = recursive;
 }
 @Override
@@ -169,4 +173,9 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
 public Date getCreated() {
 return created;
 }
+
+ public Boolean isRecursive() {
+ return recursive;
+ }
+
 }
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 11116b0be61..9d8e2b4ca99 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
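Review bot: The new `recursive` field in the -60,6 hunk is a boxed `Boolean`, while the column it maps to is declared `NOT NULL DEFAULT 0` in schema-430to440.sql, so a null value in the entity has no valid stored form. The widened constructor (hunk at -72,7), the assignment (hunk at -80,6) and `isRecursive()` (hunk at -169,4) all pass a null straight through, and a caller that writes `if (p.isRecursive())` would then fail on unboxing in the middle of an access decision. Because the flag widens what a permission covers, an explicit narrow default is safer: `private boolean recursive = false;` with `public boolean isRecursive()`, or keep the parameter type and normalise with `this.recursive = Boolean.TRUE.equals(recursive);`. The class body continues outside these hunks, so other construction paths could not be checked.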
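Review bot: `isRecursive()` in the -169,4 hunk has no Javadoc and no `@Override`, although the context at the end of the -80,6 hunk shows another member of this class annotated that way, which suggests the accessor is not declared on `AclPolicyPermission`. If that is the case, code that evaluates permissions through the interface type cannot see the flag without casting to the VO, so declaring it on the interface would keep the check in one place. A short Javadoc would also help, for example `/** Whether this permission also applies recursively in the group/policy hierarchy; false by default. */`. The interface itself is outside this diff, so this is inferred from the annotations visible here.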
@@ -555,7 +555,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
 AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
 if (permit == null) {
 // not there already
- permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm);
+ permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType, scope, scopeId, perm, false);
 _policyPermissionDao.persist(permit);
 }
 return policy;
diff --git a/setup/db/db/schema-430to440.sql b/setup/db/db/schema-430to440.sql
index 92957b2ebf5..e7924806b6b 100644
--- a/setup/db/db/schema-430to440.sql
+++ b/setup/db/db/schema-430to440.sql
@@ -522,6 +522,7 @@ CREATE TABLE `cloud`.`acl_policy_permission` (
 `scope` varchar(40) DEFAULT NULL,
 `access_type` varchar(40) DEFAULT NULL,
 `permission` varchar(40) NOT NULL COMMENT 'Allow or Deny',
+ `recursive` int(1) unsigned NOT NULL DEFAULT 0 COMMENT '1 if this permission applies recursively in a group/policy hierarchy',
 `removed` datetime DEFAULT NULL COMMENT 'date the permission was revoked',
 `created` datetime DEFAULT NULL COMMENT 'date the permission was granted',
 PRIMARY KEY (`id`),
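Review bot: The `false` passed as the new last constructor argument is an unexplained literal in the code path that creates permission rows; a comment such as `// new permissions are non-recursive unless explicitly widened` would record that the narrow default is deliberate. Separately, the `findByPolicyAndEntity(...)` lookup just above does not take the flag into account, so once callers are allowed to choose it, an existing row with a different `recursive` value would be returned as-is and the requested scope silently ignored. That is worth handling (or at least noting with a TODO) before the parameter is exposed. The enclosing method starts and ends outside the hunk.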