diff --git a/src/main/java/org/gcube/gcat/persistence/ckan/CKANUserCache.java b/src/main/java/org/gcube/gcat/persistence/ckan/CKANUserCache.java
index 63a4add..86924cf 100644
--- a/src/main/java/org/gcube/gcat/persistence/ckan/CKANUserCache.java
+++ b/src/main/java/org/gcube/gcat/persistence/ckan/CKANUserCache.java
@@ -60,11 +60,16 @@ public abstract class CKANUserCache {
 }
 public synchronized static void removeUserFromCache() {
+ SecretManager secretManager = SecretManagerProvider.instance.get();
+ String gcubeUsername = secretManager.getUser().getUsername();
+ removeUserFromCache(gcubeUsername);
+ }
+
+ public synchronized static void removeUserFromCache(String gcubeUsername) {
 SecretManager secretManager = SecretManagerProvider.instance.get();
 String context = secretManager.getContext();
 Cache userCache = userCachePerContext.get(context);
 if(userCache != null) {
- String gcubeUsername = secretManager.getUser().getUsername();
 userCache.remove(gcubeUsername);
 }
 }
diff --git a/src/main/java/org/gcube/gcat/rest/User.java b/src/main/java/org/gcube/gcat/rest/User.java
index c1235a6..f9936f8 100644
--- a/src/main/java/org/gcube/gcat/rest/User.java
+++ b/src/main/java/org/gcube/gcat/rest/User.java
@@ -2,6 +2,7 @@ package org.gcube.gcat.rest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
+import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.GET;
 //import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
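Review bot: The new public overload `removeUserFromCache(String gcubeUsername)` in CKANUserCache evicts whichever username it is handed and has no authorization or argument check of its own, so the manager-only policy lives entirely in its callers. A Javadoc on the overload should state that contract, e.g. `/** Evicts gcubeUsername from the user cache of the caller's current context; the caller must already have authorized the request. */`. The context is still read from the caller's `SecretManager`, not derived from the target user, which the comment should make explicit. A null or empty `gcubeUsername` goes straight to `userCache.remove`; whether that cache tolerates such a key is not visible here, so rejecting it before the lookup is worth considering.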
@@ -12,9 +13,12 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
+import org.gcube.common.authorization.utils.manager.SecretManager;
+import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
 import org.gcube.gcat.annotation.PURGE;
 //import org.gcube.common.authorization.control.annotations.AuthorizationControl;
 import org.gcube.gcat.api.GCatConstants;
+import org.gcube.gcat.api.roles.Role;
 //import org.gcube.gcat.api.roles.Role;
 import org.gcube.gcat.persistence.ckan.CKANUser;
 import org.gcube.gcat.persistence.ckan.CKANUserCache;
@@ -25,10 +29,11 @@ import org.gcube.gcat.persistence.ckan.CKANUserCache;
 @Path(User.USERS)
 public class User extends REST implements org.gcube.gcat.api.interfaces.User {
- protected static final String USER_ID_PARAMETER = "USER_ID";
+ protected static final String GCUBE_USERNAME_PARAMETER = "GCUBE_USERNAME";
+ protected static final String CKAN_USER_ID_PARAMETER = "USER_ID";
 public User() {
- super(USERS, USER_ID_PARAMETER, CKANUser.class);
+ super(USERS, CKAN_USER_ID_PARAMETER, CKANUser.class);
 }
 @GET
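Review bot: The two path-parameter constants added in the `@@ -25,10 +29,11 @@` hunk have no comment saying which identifier space each one names, although one feeds the cache-eviction endpoint and the other the CKAN-backed read/update/purge endpoints. A one-line comment on each would do, e.g. `// gCube username of the user whose cache entry is evicted` above `GCUBE_USERNAME_PARAMETER` and `// user identifier passed to the CKAN-backed read/update/purge` above `CKAN_USER_ID_PARAMETER`. The handlers bound to `CKAN_USER_ID_PARAMETER` in the later hunk still call their argument `username`, which blurs the same distinction; whether the two identifiers can differ is not visible on this page. The class body continues outside this hunk.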
@@ -48,40 +53,57 @@ public class User extends REST implements org.gcube.gcat.api.interface
 }
 @GET
- @Path("/{" + USER_ID_PARAMETER + "}")
+ @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
 @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 @Override
 // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
- public String read(@PathParam(USER_ID_PARAMETER) String username) {
+ public String read(@PathParam(CKAN_USER_ID_PARAMETER) String username) {
 return super.read(username);
 }
 @PUT
- @Path("/{" + USER_ID_PARAMETER + "}")
+ @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
 @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
 @Override
 // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
- public String update(@PathParam(USER_ID_PARAMETER) String username, String json) {
+ public String update(@PathParam(CKAN_USER_ID_PARAMETER) String username, String json) {
 return super.update(username, json);
 }
- @DELETE
- @Path("/{" + USER_ID_PARAMETER + "}")
-// @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
- /*
- * Purge user form cache
- */
- public Response delete(@PathParam(USER_ID_PARAMETER) String username) {
- CKANUserCache.removeUserFromCache();
- return Response.status(Status.NO_CONTENT).build();
- }
-
 @PURGE
- @Path("/{" + USER_ID_PARAMETER + "}")
+ @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
 // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
- public Response purge(@PathParam(USER_ID_PARAMETER) String username) {
+ public Response purge(@PathParam(CKAN_USER_ID_PARAMETER) String username) {
 return super.delete(username, true);
 }
+
+ @DELETE
+// @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
+ public Response removeCallerFromCache() {
+ SecretManager secretManager = SecretManagerProvider.instance.get();
+ org.gcube.common.authorization.utils.user.User user = secretManager.getUser();
+ if(user.getRoles().contains(Role.MANAGER.getPortalRole())) {
+ CKANUserCache.removeUserFromCache();
+ }else {
+ throw new ForbiddenException("Only " + Role.MANAGER.getCkanRole() + "s are authorized to remove an user from the cache");
+ }
+ return Response.status(Status.NO_CONTENT).build();
+ }
+
+ @DELETE
+ @Path("/{" + GCUBE_USERNAME_PARAMETER + "}")
+// @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
+ public Response removeUserFromCache(@PathParam(GCUBE_USERNAME_PARAMETER) String username) {
+ SecretManager secretManager = SecretManagerProvider.instance.get();
+ org.gcube.common.authorization.utils.user.User user = secretManager.getUser();
+ if(user.getRoles().contains(Role.MANAGER.getPortalRole())) {
+ CKANUserCache.removeUserFromCache(username);
+ }else {
+ throw new ForbiddenException("Only " + Role.MANAGER.getCkanRole() + "s are authorized to remove an user from the cache");
+ }
+ return Response.status(Status.NO_CONTENT).build();
+ }
+
 }
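Review bot: The manager-role check is copied verbatim into both new DELETE handlers, `removeCallerFromCache()` and `removeUserFromCache(String)`, so the two copies can drift apart and any further eviction endpoint has to remember to repeat it; one private helper called first in each handler would keep the policy in a single place. The check compares against `Role.MANAGER.getPortalRole()` while the 403 message prints `Role.MANAGER.getCkanRole()`, and the commented-out `@AuthorizationControl` line left above each handler names `Role.CATALOGUE_MANAGER`, so the effective policy is hard to read from the code. The removed `delete` handler evicted the caller with no role check at all, so requiring the manager role on the path-less DELETE looks like a behaviour change for ordinary users and should be confirmed as intended. Whether `super.read`, `super.update` and `super.delete` enforce any role is not visible in this hunk.

```java
// … unchanged: read, update and purge handlers …

@DELETE
public Response removeCallerFromCache() {
	requireManager();
	CKANUserCache.removeUserFromCache();
	return Response.status(Status.NO_CONTENT).build();
}

@DELETE
@Path("/{" + GCUBE_USERNAME_PARAMETER + "}")
public Response removeUserFromCache(@PathParam(GCUBE_USERNAME_PARAMETER) String username) {
	requireManager();
	CKANUserCache.removeUserFromCache(username);
	return Response.status(Status.NO_CONTENT).build();
}

/* Single place for the role check shared by the cache-eviction endpoints. */
private static void requireManager() {
	org.gcube.common.authorization.utils.user.User user = SecretManagerProvider.instance.get().getUser();
	if(!user.getRoles().contains(Role.MANAGER.getPortalRole())) {
		throw new ForbiddenException("Only " + Role.MANAGER.getCkanRole() + "s are authorized to remove an user from the cache");
	}
}
```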