diff --git a/draft/application/cms/src/cms_execution.e b/draft/application/cms/src/cms_execution.e
index d400b150..f8682183 100644
--- a/draft/application/cms/src/cms_execution.e
+++ b/draft/application/cms/src/cms_execution.e
@@ -77,7 +77,7 @@ feature -- Access: CMS
 feature -- Permission
- has_permissions (lst: detachable ITERABLE [READABLE_STRING_8]): BOOLEAN
+ frozen has_permissions (lst: detachable ITERABLE [READABLE_STRING_8]): BOOLEAN
 do
 if lst = Void then
 Result := True
@@ -86,9 +86,11 @@ feature -- Permission
 end
 end
- has_permission (s: detachable READABLE_STRING_8): BOOLEAN
+ frozen has_permission (s: detachable READABLE_STRING_8): BOOLEAN
 -- Anonymous or Current `user' has permission for `s'
 --| `s' could be "create page",
+ local
+ u: detachable CMS_USER
 do
 if s = Void then
 Result := True
@@ -96,10 +98,11 @@ feature -- Permission
 if s.same_string ("authenticated") then
 Result := authenticated
 else
- if s.has_substring ("admin") or s.has_substring ("users") then
- Result := attached user as u and then u.is_admin
- else
+ u := user
+ if u /= Void and then u.is_admin then
 Result := True
+ else
+ Result := service.user_has_permission (u, s)
 end
 end
 end
diff --git a/draft/application/cms/src/cms_service.e b/draft/application/cms/src/cms_service.e
index 027c2de2..987a6599 100644
--- a/draft/application/cms/src/cms_service.e
+++ b/draft/application/cms/src/cms_service.e
@@ -308,6 +308,15 @@ feature -- Report
 Result := req.path_info.same_string (front_path)
 end
+feature {CMS_EXECUTION, CMS_MODULE} -- Security report
+ user_has_permission (u: detachable CMS_USER; s: detachable READABLE_STRING_8): BOOLEAN
+ -- Anonymous or user `u' has permission for `s' ?
+ --| `s' could be "create page",
+ do
+ Result := storage.user_has_permission (u, s)
+ end
+
 feature -- Storage
 session_controller (req: WSF_REQUEST): CMS_SESSION_CONTROLER 
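Review bot: In the rewritten `else` branch of `has_permission`, every non-admin caller (including anonymous, where `u = Void`) is now authorised by whatever `service.user_has_permission (u, s)` returns, and the `CMS_STORAGE` default added in this same commit answers True for any permission name that does not contain "admin" or "users", so an unrecognised or misspelled permission string still grants access. The `s = Void` early return a few lines above (outside this hunk) has the same fail-open shape, so the decision should be stated where it is made: `-- Non-admin users are authorised solely by the storage layer, which must deny unknown permission names.`. Marking `has_permission` `frozen` is sound hardening, since a descendant can no longer redefine the check away, and the local `u` declared in the preceding hunk is what lets the `u /= Void and then u.is_admin` test stay void-safe. The feature body begins before this hunk.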
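Review bot: The header comment on the new `CMS_SERVICE.user_has_permission` is an unfinished copy of the one in `CMS_EXECUTION` (it ends with the dangling `could be "create page",`) and does not say that `u = Void` denotes an anonymous request, which is the only way a client of this feature learns what the first argument means. Suggest `-- Does user `u' (Void for anonymous) have permission `s'? Delegates the decision to `storage'.` and dropping the trailing `--|` fragment. The selective export `{CMS_EXECUTION, CMS_MODULE}` is appropriate: it keeps the raw storage answer from being callable by arbitrary clients.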
diff --git a/draft/application/cms/src/storage/cms_storage.e b/draft/application/cms/src/storage/cms_storage.e
index e73de29f..dfe92401 100644
--- a/draft/application/cms/src/storage/cms_storage.e
+++ b/draft/application/cms/src/storage/cms_storage.e
@@ -56,6 +56,19 @@ feature -- Access: user
 deferred
 end
+ user_has_permission (u: detachable CMS_USER; s: detachable READABLE_STRING_8): BOOLEAN
+ -- Anonymous or user `u' has permission for `s' ?
+ --| `s' could be "create page",
+ do
+ if s = Void then
+ Result := True
+ elseif s.has_substring ("admin") or s.has_substring ("users") then
+ Result := False
+ else
+ Result := True
+ end
+ end
+
 feature -- Change: user
 save_user (a_user: CMS_USER)
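Review bot: This effective default for `user_has_permission` fails open: it never reads `u`, and any permission name not containing the substrings "admin" or "users" is granted to anonymous and authenticated users alike, so a storage descendant that does not redefine it silently authorises everything except those two patterns. Since the neighbouring feature in this class is `deferred` (the `deferred`/`end` context above), the safer shape is to make this one deferred as well, or at least flip the fallback to `else Result := False end` and document it: `-- Default denies unknown permission names; storages redefine this to consult their permission tables.`. The substring test is also case-sensitive and matches any name that merely contains "admin" or "users", so it is a heuristic rather than a permission lookup. The `s = Void` branch duplicates the check `CMS_EXECUTION.has_permission` already performs before calling here.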