diff --git a/src/main/java/org/gcube/portlets/admin/authportletmanager/server/AuthServiceImpl.java b/src/main/java/org/gcube/portlets/admin/authportletmanager/server/AuthServiceImpl.java
index 2a6e9ba..d565914 100644
--- a/src/main/java/org/gcube/portlets/admin/authportletmanager/server/AuthServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/admin/authportletmanager/server/AuthServiceImpl.java
@@ -515,7 +515,49 @@ implements AuthManagerService {
 ServiceAccess service=new ServiceAccess(policy.getService().getServiceName(), policy.getService().getServiceClass(), policy.getService().getServiceId());
 logger.info("updatePolicy -policy.getCallerAsString()"+policy.getCallerAsString());
 Action access =Action.valueOf(policy.getAccessString());
- policies.add(new User2ServicePolicy(context, service, Users.one(policy.getCallerAsString()), access ));
+
+
+ if (policy.getCallerTypeAsString().equalsIgnoreCase(TypeCaller.user.toString())){
+ logger.debug("add policy with user");
+ policies.add(new User2ServicePolicy(context, service, Users.one(policy.getCallerAsString()), access ));
+ }
+ else if (policy.getCallerTypeAsString().equalsIgnoreCase(TypeCaller.role.toString())){
+ logger.debug("add policy with role");
+ policies.add(new User2ServicePolicy(context, service, Roles.one(policy.getCallerAsString()), access ));
+ }
+ else if (policy.getCallerTypeAsString().equalsIgnoreCase(TypeCaller.service.toString())){
+ logger.debug("add policy with service");
+ String[] policyService=policy.getCallerAsString().split(":");
+ String serviceName=policyService[0].trim();
+ String serviceClass=policyService[1].trim();
+ String serviceId="All";
+ if (policyService.length==3)
+ serviceId=policy.getCallerAsString().split(":")[2];
+ ServiceAccess serviceCaller =new ServiceAccess(serviceName, serviceClass, serviceId);
+ policies.add(new Service2ServicePolicy(context,service,Services.specialized(serviceCaller),access));
+ }
+ else{
+ String[] allExecpt=policy.getCallerTypeAsString().trim().split(" ");
+ if (allExecpt.length>0){
+ if (allExecpt[0].equalsIgnoreCase(TypeCaller.user.toString())){
+ logger.debug("add policy with user execpt");
+ policies.add(new User2ServicePolicy(context, service, Users.allExcept(policy.getCallerExecptAsString()), access ));
+ }
+ else if (allExecpt[0].equalsIgnoreCase(TypeCaller.role.toString())){
+ logger.debug("add policy with role execpt");
+ policies.add(new User2ServicePolicy(context, service, Roles.allExcept(policy.getCallerExecptAsString()), access ));
+ }
+ else{
+ logger.error("ERROR caller type not recognized"+allExecpt[0]);
+ throw new TypeCallerException("Caller type not found");
+ }
+ }
+ else{
+ logger.error("ERROR caller type not recognized"+policy.getCallerTypeAsString());
+ throw new TypeCallerException("Caller type not found");
+ }
+ }
+ //policies.add(new User2ServicePolicy(context, service, Users.one(policy.getCallerAsString()), access ));
 authorizationService().addPolicies(policies);
 } catch (ServiceException e) {
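Review bot: The service branch indexes `policyService[1]` without checking how many fields the split produced, so a caller string without a `:` ends in an ArrayIndexOutOfBoundsException rather than a TypeCallerException, and one with more than three fields silently keeps `serviceId="All"`, which widens the policy instead of rejecting the input. Guard it first with `if (policyService.length<2 || policyService.length>3) throw new TypeCallerException("Malformed service caller");` and take the id as `serviceId=policyService[2].trim();` so it is trimmed like the name and class. In the final `else`, `allExecpt.length>0` appears to be always true after `trim().split(" ")`, and any type string whose first token is `user` or `role` is treated as an all-except policy; checking that `getCallerExecptAsString()` is non-empty before calling `allExcept` would avoid what is presumably a grant to every caller. The enclosing method starts and ends outside the hunk.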