diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 85c71cace24..7e37b386b96 100755
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -88,9 +88,9 @@ public interface AccountService {
 
     User getUserIncludingRemoved(long userId);
 
-    boolean isRootAdmin(long accountId);
+    boolean isRootAdmin(Long accountId);
 
-    boolean isDomainAdmin(long accountId);
+    boolean isDomainAdmin(Long accountId);
 
     boolean isNormalUser(long accountId);
 
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 0554e3a6e75..b932d422db5 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -520,7 +520,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
 
         // For end users display only enabled events
-        if(!_accountMgr.isRootAdmin(caller.getType())){
+        if (!_accountMgr.isRootAdmin(caller.getId())) {
             sc.setParameters("displayEvent", true);
         }
 
diff --git a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index 74c141edbd1..c1f336cb673 100644
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@ -508,7 +508,7 @@ public class DeploymentPlanningManagerImpl extends ManagerBase implements Deploy
 
         // check if zone is dedicated. if yes check if vm owner has acess to it.
         DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(dc.getId());
-        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getType())) {
+        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getId())) {
             long accountDomainId = vmProfile.getOwner().getDomainId();
             long accountId = vmProfile.getOwner().getAccountId();
 
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index be95a360bd4..9185d848248 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1805,7 +1805,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         // Perform permission check
         _accountMgr.checkAccess(caller, null, true, network);
 
-        if (forced && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (forced && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new InvalidParameterValueException("Delete network with 'forced' option can only be called by root admins");
         }
 
diff --git a/server/src/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
index 5ce07f0bb3b..30b5479b630 100644
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@ -386,7 +386,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         if (displayVolume == null) {
             displayVolume = true;
         } else {
-            if (!_accountMgr.isRootAdmin(caller.getType())) {
+            if (!_accountMgr.isRootAdmin(caller.getId())) {
                 throw new PermissionDeniedException("Cannot update parameter displayvolume, only admin permitted ");
             }
         }
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 04d3e23b911..1b68b0c76a9 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -366,37 +366,40 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "SystemCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isRootAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "SystemCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
-
         return false;
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "DomainCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isDomainAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "DomainCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
         return false;
diff --git a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
index c514746d4da..a1d14523749 100644
--- a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
+++ b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
@@ -50,7 +50,7 @@ public class UUIDManagerImpl implements UUIDManager {
         Account caller = CallContext.current().getCallingAccount();
 
         // Only admin and system allowed to do this
-        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getType()))) {
+        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId()))) {
             throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");
         }
 
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index b411b18f020..f373cba922f 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -162,7 +162,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
+    public boolean isRootAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -298,7 +298,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
+    public boolean isDomainAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -356,4 +356,5 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
         return null;
     }
 
+
 }
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 02bb7022eed..3fe854a2a00 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -63,6 +63,9 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
     public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
             throws PermissionDeniedException {
 
+        if (caller == null) {
+            throw new InvalidParameterValueException("Caller cannot be passed as NULL to IAM!");
+        }
         if (entity == null && action != null) {
             // check if caller can do this action
             List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());