diff --git a/ChangeLog b/ChangeLog index 419b641c0..7094a3922 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2007-12-06 Wolfgang Sourdeau + * UI/Common/UIxAclEditor.m ([-currentUserIsOwner]): replaced + method with -canModifyAcls that invokes the security manager + instead for the permission "SaveAcls" on the client object. + * SoObjects/Appointments/SOGoCalendarComponent.m ([SOGoCalendarComponent -contentAsString]): securize the returned content. ([SOGoCalendarComponent -aclsForUser:uid]): check whether the user diff --git a/SoObjects/Mailer/product.plist b/SoObjects/Mailer/product.plist index 88954481c..dccd8726f 100644 --- a/SoObjects/Mailer/product.plist +++ b/SoObjects/Mailer/product.plist @@ -42,6 +42,8 @@ "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" ); "Delete Objects" = ( "Owner", "ObjectEraser" ); "WebDAV Access" = ( "Owner", "ObjectViewer" ); + "ReadAcls" = ( "Owner", "MailAdministrator" ); + "SaveAcls" = ( "Owner", "MailAdministrator" ); }; }; SOGoSharedInboxFolder = { diff --git a/SoObjects/SOGo/SOGoPermissions.h b/SoObjects/SOGo/SOGoPermissions.h index 53ed0e965..b300a1ccc 100644 --- a/SoObjects/SOGo/SOGoPermissions.h +++ b/SoObjects/SOGo/SOGoPermissions.h @@ -72,6 +72,7 @@ extern NSString *SOGoCalendarRole_ComponentResponder; extern NSString *SOGoPerm_AccessObject; extern NSString *SOGoPerm_ReadAcls; +extern NSString *SOGoPerm_SaveAcls; extern NSString *SOGoPerm_FreeBusyLookup; extern NSString *SOGoCalendarPerm_ViewWholePublicRecords; diff --git a/SoObjects/SOGo/SOGoPermissions.m b/SoObjects/SOGo/SOGoPermissions.m index d6c25f3a9..fc98f0d1a 100644 --- a/SoObjects/SOGo/SOGoPermissions.m +++ b/SoObjects/SOGo/SOGoPermissions.m 
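Review bot: The `"ReadAcls"` and `"SaveAcls"` role mappings are added only to the one class block this hunk touches in SoObjects/Mailer/product.plist, while the UIxAclEditor.m change in the same commit starts gating ACL editing on `SaveAcls` for whatever client object the editor is opened on. If the other folder classes (the hunk shows `SOGoSharedInboxFolder` starting right after) or the other products neither declare nor inherit these permissions, their owners would presumably be denied; that fails closed, but it should be confirmed before release. The enclosing class block starts outside the hunk, so the class that receives the mapping cannot be named from here. A one-line comment above the two entries would tie them to their consumer, for example `/* checked by UIxAclEditor -canModifyAcls */`.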
@@ -76,6 +76,7 @@ NSString *SOGoPerm_AccessObject= @"Access Object"; NSString *SOGoPerm_ReadAcls = @"ReadAcls"; /* the equivalent of "read-acl" in the WebDAV acls spec, which is currently missing from SOPE */ +NSString *SOGoPerm_SaveAcls = @"SaveAcls"; NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup"; NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords"; diff --git a/UI/Common/UIxAclEditor.m b/UI/Common/UIxAclEditor.m index 7d7936c4a..1d0a430e4 100644 --- a/UI/Common/UIxAclEditor.m +++ b/UI/Common/UIxAclEditor.m @@ -25,6 +25,7 @@ #import #import #import +#import #import #import #import @@ -186,20 +187,15 @@ return [self jsCloseWithRefreshMethod: nil]; } -- (BOOL) currentUserIsOwner +- (BOOL) canModifyAcls { - SOGoObject *clientObject; - SOGoUser *user; - NSString *currentUserLogin, *ownerLogin; - - clientObject = [self clientObject]; - ownerLogin = [clientObject ownerInContext: context]; - user = [context activeUser]; - currentUserLogin = [user login]; - - return ([ownerLogin isEqualToString: currentUserLogin] - || ([user respondsToSelector: @selector (isSuperUser)] - && [user isSuperUser])); + SoSecurityManager *mgr; + + mgr = [SoSecurityManager sharedSecurityManager]; + + return (![mgr validatePermission: SOGoPerm_SaveAcls + onObject: [self clientObject] + inContext: context]); } // - (id ) addUserInAcls diff --git a/UI/Templates/UIxAclEditor.wox b/UI/Templates/UIxAclEditor.wox index 85ec94564..396a0e426 100644 --- a/UI/Templates/UIxAclEditor.wox +++ b/UI/Templates/UIxAclEditor.wox @@ -27,7 +27,7 @@
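Review bot: `-canModifyAcls` negates the result of `validatePermission:onObject:inContext:` with no explanation, which makes the check easy to invert by mistake in a later edit. SOPE's security manager returns nil when the permission is granted and an exception object when it is denied, so a comment above the return would help, for example `/* validatePermission: returns nil when granted, an exception when denied */`. The removed `-currentUserIsOwner` let `isSuperUser` through explicitly; whether a super user still holds a role mapped to `SaveAcls` is not visible in this diff and should be confirmed. The UIxAclEditor.wox change in the same commit suggests this method only decides what the editor displays, so the actions that actually store ACLs, which are outside this hunk, need to validate `SOGoPerm_SaveAcls` themselves.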
- +