diff --git a/back/methods/account/user-acl.js b/back/methods/account/user-acl.js
index e53e2aabf..2254726c6 100644
--- a/back/methods/account/user-acl.js
+++ b/back/methods/account/user-acl.js
@@ -1,18 +1,11 @@
 module.exports = Self => {
- Self.remoteMethod('userAcl', {
+ Self.remoteMethodCtx('userAcl', {
 description: 'Get all of the current user permissions',
- accepts: [
- {
- arg: 'ctx',
- type: 'Object',
- http: {source: 'context'}
- },
- {
- arg: 'aclList',
- type: 'Object',
- required: true,
- }
- ],
+ accepts: {
+ arg: 'roles',
+ type: 'any',
+ required: true,
+ },
 returns: {
 type: 'Object',
 root: true
@@ -23,13 +16,7 @@ module.exports = Self => {
 }
 });

- Self.userAcl = async function(ctx, aclList) {
- const ACLs = [];
-
- for (let key in aclList) {
- const acl = await Self.app.models.ACL.findOne({where: {principalId: key}});
- if (acl) ACLs.push(acl);
- }
- return ACLs;
+ Self.userAcl = async function(roles) {
+ return Self.app.models.ACL.find({principalId: {inq: {roles}}}, null);
 };
 };
diff --git a/back/models/account.json b/back/models/account.json
index 5e35c711a..8e1e0e3b2 100644
--- a/back/models/account.json
+++ b/back/models/account.json
@@ -119,6 +119,13 @@
 "principalType": "ROLE",
 "principalId": "$authenticated",
 "permission": "ALLOW"
+ },
+ {
+ "property": "userAcl",
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW"
 }
 ]
 }
diff --git a/front/core/services/acl-service.js b/front/core/services/acl-service.js
index f72de956f..02aaf42af 100644
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
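Review bot: In the first hunk of user-acl.js the new `roles` parameter in `accepts` is `type: 'any'` and is filled from the request, so the method answers for whatever role names the caller sends rather than for the roles of the session, which does not match the description 'Get all of the current user permissions'. If the parameter stays, declare it as `type: ['string']` so non-array input is rejected by the remoting layer; since the method is now registered with `remoteMethodCtx`, resolving the roles from the request context on the server would be the stronger fix. How `remoteMethodCtx` hands the context to the handler is not visible in this diff, and the handler in the second hunk is declared as `function(roles)` with no `ctx` parameter, so the argument order should be confirmed. The same client-supplied list is what the acl-service.js hunk posts as `{roles: Object.keys(this.roles)}`.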
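Review bot: The filter passed to `ACL.find` in the new `Self.userAcl` (second hunk of user-acl.js) has no `where` key and hands `inq` the object `{roles}` instead of an array, so under LoopBack's filter syntax the `principalId` condition is probably not applied and the call may return every ACL row. The query would read `return Self.app.models.ACL.find({where: {principalId: {inq: roles}}});`, preceded by a guard such as `if (!Array.isArray(roles)) throw new Error('roles must be an array');` because the parameter is declared `type: 'any'`. Together with the `$everyone` grant added in account.json, an unfiltered result would be readable without a session. A short JSDoc on the handler stating that `roles` is an array of role names and that the result is a list of ACL records would also help.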
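Review bot: The entry added to account.json grants `userAcl` to `$everyone` with `"accessType": "*"`, which makes the ACL lookup callable without a session, while the entry directly above it in the same hunk is scoped to `$authenticated`. Unless a pre-login screen needs this call (nothing in the diff shows that), use `"principalId": "$authenticated"` and narrow the access type to the one the method needs, presumably `"accessType": "EXECUTE"` for a custom remote method. The enclosing `acls` array starts outside the hunk, so which property the preceding entry covers should be checked when aligning the two.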
@@ -14,27 +14,21 @@ class AclService { return this.$http.get('Accounts/acl').then(async res => { this.user = res.data.user; this.roles = {}; - this.rolesMap = {}; - res.data.roles.forEach(role => { - if (role.role) { - this.rolesMap[role.role.name] = true; + + for (let role of res.data.roles) { + if (role.role) this.roles[role.role.name] = true; - } - }); + } this.acls = {}; - await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => { + await this.$http.post('Accounts/user/acl', + {roles: Object.keys(this.roles)}).then(res => { res.data.forEach(acl => { this.acls[acl.model] = this.acls[acl.model] || {}; this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {}; this.acls[acl.model][acl.property][acl.accessType] = true; }); }); - - for (let role of res.data.roles) { - if (role.role) - this.roles[role.role.name] = true; - } }); }
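Review bot: The rewritten call in acl-service.js still mixes `await` with `.then(res => …)`, and the inner `res` shadows the `res` of the outer `Accounts/acl` response, which is easy to misread now that the role loop above it also reads `res.data.roles`. Prefer `const aclRes = await this.$http.post('Accounts/user/acl', {roles: Object.keys(this.roles)});` followed by `for (const acl of aclRes.data) { … }` with the three assignments unchanged. A comment above the request, for example `// ACLs cached here only drive what the UI shows; the back end must still enforce them`, would record that the role list is chosen by the client. The enclosing method of `AclService` starts before the hunk, so its name and any error handling are not visible here.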