diff --git a/config/alfresco/model-specific-services-context.xml b/config/alfresco/model-specific-services-context.xml
index 0bfedcde96..bd6bc7fcbc 100644
--- a/config/alfresco/model-specific-services-context.xml
+++ b/config/alfresco/model-specific-services-context.xml
@@ -6,12 +6,11 @@
    <bean name="fileFolderService" class="org.alfresco.repo.model.filefolder.FileFolderServiceImpl" init-method="init">
       <property name="namespaceService"><ref bean="namespaceService" /></property>
       <property name="dictionaryService"><ref bean="dictionaryService" /></property>
-      <property name="nodeService"><ref bean="NodeService" /></property>
-      <property name="copyService"><ref bean="CopyService" /></property>
-      <!-- NOTE: using Big SearchService until AR-279 is completed -->
-      <property name="searchService"><ref bean="SearchService" /></property>
-      <property name="contentService"><ref bean="ContentService" /></property>
-      <property name="mimetypeService"><ref bean="MimetypeService" /></property>
+      <property name="nodeService"><ref bean="nodeService" /></property>
+      <property name="copyService"><ref bean="copyService" /></property>
+      <property name="searchService"><ref bean="searchService" /></property>
+      <property name="contentService"><ref bean="contentService" /></property>
+      <property name="mimetypeService"><ref bean="mimetypeService" /></property>
 
       <property name="systemPaths">
          <list>
diff --git a/config/alfresco/public-services-context.xml b/config/alfresco/public-services-context.xml
index 475d0fbc5e..e536595323 100644
--- a/config/alfresco/public-services-context.xml
+++ b/config/alfresco/public-services-context.xml
@@ -915,6 +915,7 @@
             <list>
                 <idref local="FileFolderService_transaction" />
                 <idref local="exceptionTranslator" />
+                <idref bean="FileFolderService_security" />
     		</list>
     	</property>
     </bean>
diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml
index 441de66c34..a9d4686d03 100644
--- a/config/alfresco/public-services-security-context.xml
+++ b/config/alfresco/public-services-security-context.xml
@@ -353,6 +353,35 @@
         </property>
     </bean>
     
+    <!-- ============================== -->
+    <!-- FileFolder Service Permissions -->
+    <!-- ============================== -->
+    
+    <bean id="FileFolderService_security" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
+        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+        <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
+        <property name="objectDefinitionSource">
+            <value>
+               org.alfresco.service.cmr.model.FileFolderService.list=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.listFiles=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
+               org.alfresco.service.cmr.model.FileFolderService.rename=ACL_PARENT.0.sys:base.CreateChildren,AFTER_ACL_NODE.0.sys:base.WriteProperties
+               org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.Read,ACL_NODE.1.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.create=ACL_PARENT.0.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode
+               org.alfresco.service.cmr.model.FileFolderService.makeFolders=AFTER_ACL_PARENT.0.sys:base.CreateChildren
+               org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=AFTER_ACL_NODE.0.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties
+               org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent
+               org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent
+            </value>
+        </property>
+    </bean>
+    
     <!-- =========================== -->
     <!-- Content Service Permissions -->
     <!-- =========================== -->
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
index 77921b8e2e..83a3cc7b2e 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
@@ -33,6 +33,7 @@ import net.sf.acegisecurity.afterinvocation.AfterInvocationProvider;
 
 import org.alfresco.repo.search.SimpleResultSetMetaData;
 import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
+import org.alfresco.service.cmr.model.FileInfo;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -175,6 +176,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                 }
                 return decide(authentication, object, config, (NodeRef) returnedObject);
             }
+            else if (FileInfo.class.isAssignableFrom(returnedObject.getClass()))
+            {
+                return decide(authentication, object, config, (FileInfo) returnedObject);
+            }
             else if (ChildAssociationRef.class.isAssignableFrom(returnedObject.getClass()))
             {
                 if (log.isDebugEnabled())
@@ -237,7 +242,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
 
     }
 
-    public NodeRef decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public NodeRef decide(
+            Authentication authentication,
+            Object object,
+            ConfigAttributeDefinition config,
             NodeRef returnedObject) throws AccessDeniedException
 
     {
@@ -277,6 +285,20 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
         return returnedObject;
     }
 
+    public FileInfo decide(
+            Authentication authentication,
+            Object object,
+            ConfigAttributeDefinition config,
+            FileInfo returnedObject) throws AccessDeniedException
+
+    {
+        NodeRef nodeRef = returnedObject.getNodeRef();
+        // this is virtually equivalent to the noderef
+        decide(authentication, object, config, nodeRef);
+        // the noderef was allowed
+        return returnedObject;
+    }
+
     private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)
     {
         List<ConfigAttributeDefintion> definitions = new ArrayList<ConfigAttributeDefintion>();
@@ -455,31 +477,23 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     if (StoreRef.class.isAssignableFrom(nextObject.getClass()))
                     {
                         testNodeRef = nodeService.getRootNode((StoreRef) nextObject);
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tNode Test on store " + nodeService.getPath(testNodeRef));
-                        }
                     }
                     else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
                     {
                         testNodeRef = (NodeRef) nextObject;
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tNode Test on node " + nodeService.getPath(testNodeRef));
-                        }
                     }
                     else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
                     {
                         testNodeRef = ((ChildAssociationRef) nextObject).getChildRef();
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tNode Test on child association ref using " + nodeService.getPath(testNodeRef));
-                        }
+                    }
+                    else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
+                    {
+                        testNodeRef = ((FileInfo) nextObject).getNodeRef();
                     }
                     else
                     {
                         throw new ACLEntryVoterException(
-                                "The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
+                                "The specified parameter is not a collection of NodeRefs, ChildAssociationRefs or FileInfos");
                     }
                 }
                 else if (cad.typeString.equals(AFTER_ACL_PARENT))
@@ -488,27 +502,18 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         // Will be allowed
                         testNodeRef = null;
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tParent Test on store ");
-                        }
                     }
                     else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
                     {
                         testNodeRef = nodeService.getPrimaryParent((NodeRef) nextObject).getParentRef();
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tParent test on node " + nodeService.getPath(testNodeRef));
-                        }
                     }
                     else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
                     {
                         testNodeRef = ((ChildAssociationRef) nextObject).getParentRef();
-                        if (log.isDebugEnabled())
-                        {
-                            log.debug("\tParent Test on child association ref using "
-                                    + nodeService.getPath(testNodeRef));
-                        }
+                    }
+                    else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
+                    {
+                        testNodeRef = ((FileInfo) nextObject).getNodeRef();
                     }
                     else
                     {
@@ -516,7 +521,12 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                                 "The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
                     }
                 }
-
+                
+                if (log.isDebugEnabled())
+                {
+                    log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + nextObject.getClass().getName());
+                }
+                
                 if (allowed
                         && (testNodeRef != null)
                         && (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))
@@ -576,6 +586,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((ChildAssociationRef) current).getChildRef();
                     }
+                    else if (FileInfo.class.isAssignableFrom(current.getClass()))
+                    {
+                        testNodeRef = ((FileInfo) current).getNodeRef();
+                    }
                     else
                     {
                         throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
@@ -596,12 +610,21 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((ChildAssociationRef) current).getParentRef();
                     }
+                    else if (FileInfo.class.isAssignableFrom(current.getClass()))
+                    {
+                        testNodeRef = ((FileInfo) current).getNodeRef();
+                    }
                     else
                     {
                         throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
                     }
                 }
 
+                if (log.isDebugEnabled())
+                {
+                    log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + current.getClass().getName());
+                }
+
                 if (incudedSet.get(i)
                         && (testNodeRef != null)
                         && (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
index 1e01b80e5e..fef50dd7f4 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
@@ -153,8 +153,8 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
         if ((attribute.getAttribute() != null)
                 && (attribute.getAttribute().startsWith(ACL_NODE)
                         || attribute.getAttribute().startsWith(ACL_PARENT)
-                        || attribute.getAttribute().startsWith(ACL_ALLOW) || attribute.getAttribute().startsWith(
-                        ACL_METHOD)))
+                        || attribute.getAttribute().startsWith(ACL_ALLOW)
+                        || attribute.getAttribute().startsWith(ACL_METHOD)))
         {
             return true;
         }