diff --git a/CHANGELOG.md b/CHANGELOG.md
index d736f2d..0b74765 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v1.3.0-SNAPSHOT] - 2021-03-03
+
+[#20847] Support the roles of THREDDS Admin and THREDDS Publisher 
+
 ## [v1.2.0] - 2020-07-21
 
 [#19676] Migrated to git/jenkins
diff --git a/pom.xml b/pom.xml
index eeac454..9556869 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
 	<groupId>org.gcube.portlets.widgets</groupId>
 	<artifactId>ws-thredds-sync-widget</artifactId>
 	<packaging>jar</packaging>
-	<version>1.2.0</version>
+	<version>1.3.0-SNAPSHOT</version>
 	<name>ws-thredds-sync-widget</name>
 	<description>
 		gCube ws-thredds-sync-widget is a widget to use and interact with ws-thredds facility in order to syncronize the Workspace folders with Thredds Reporitory folders 
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java
index 3ce54c1..9347724 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/client/WsThreddsWidget.java
@@ -50,6 +50,10 @@ public class WsThreddsWidget implements HasWsSyncNotificationListner {
 	private WsThreddsWidgetViewManager viewManager = new WsThreddsWidgetViewManager();
 
 	private final List<SyncCompletedNotificationListner> syncEventsListeners = new ArrayList<SyncCompletedNotificationListner>();
+	
+	public static final String MISSING_THREDDS_ADMIN_RIGHTS = "It seems you are not authorized to create a configuration with Thredds Catalogue. Request it to the VRE manager or the portal administrator.";
+	
+	public static final String MISSING_THREDDS_PUBLISHER_RIGHTS = "It seems you are not authorized to run a syncronization task with Thredds Catalogue. Request it to the VRE manager or the portal administrator.";
 
 	/**
 	 * This is the entry point method.
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/GenericUtils.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/GenericUtils.java
new file mode 100644
index 0000000..380b54d
--- /dev/null
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/GenericUtils.java
@@ -0,0 +1,46 @@
+package org.gcube.portlets.widgets.wsthreddssync.server;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class GenericUtils.
+ *
+ * @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
+ * 
+ * Mar 3, 2021
+ */
+public class GenericUtils {
+	
+	public static Logger LOG = LoggerFactory.getLogger(GenericUtils.class);
+	
+	/**
+	 * Gets the gateway client hostname.
+	 *
+	 * @param httpServletRequest the http servlet request
+	 * @return the gateway client hostname
+	 */
+	public static String getGatewayClientHostname(HttpServletRequest httpServletRequest) {
+		try {
+			String clientURL = httpServletRequest.getRequestURL().toString();
+			URL gURL = new URL(clientURL);
+			StringBuilder theURL = new StringBuilder();
+//			theURL.append(gURL.getProtocol());
+//			theURL.append("://");
+			theURL.append(gURL.getHost());
+			return theURL.toString();
+		} catch (MalformedURLException e) {
+			LOG.warn("Failed to determine the gateway from the client url: "+httpServletRequest.getRequestURL());
+			return null;
+		}
+	}
+	
+
+
+}
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
index 580de0a..ee5255f 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
@@ -3,6 +3,7 @@ package org.gcube.portlets.widgets.wsthreddssync.server;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 
 import org.gcube.common.portal.PortalContext;
 import org.gcube.portal.wssynclibrary.shared.ItemNotSynched;
@@ -12,7 +13,9 @@ import org.gcube.portal.wssynclibrary.shared.thredds.ThCatalogueBean;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSyncFolderDescriptor;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSyncStatus;
 import org.gcube.portal.wssynclibrary.shared.thredds.ThSynchFolderConfiguration;
+import org.gcube.portlets.widgets.ckandatapublisherwidget.server.utils.GenericUtils;
 import org.gcube.portlets.widgets.wsthreddssync.client.rpc.ThreddsWorkspaceSyncService;
+import org.gcube.portlets.widgets.wsthreddssync.shared.GatewayRolesThredds;
 import org.gcube.portlets.widgets.wsthreddssync.shared.GcubeScope;
 import org.gcube.portlets.widgets.wsthreddssync.shared.GcubeScopeType;
 import org.gcube.portlets.widgets.wsthreddssync.shared.WsThreddsSynchFolderConfiguration;
@@ -156,7 +159,7 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 	 */
 	@Override
 	public List<GcubeScope> getListOfScopesForLoggedUser() throws Exception{
-		logger.debug("getListOfVREsForLoggedUser...: ");
+		logger.info("getListOfVREsForLoggedUser...: ");
 		GCubeUser user = PortalContext.getConfiguration().getCurrentUser(this.getThreadLocalRequest());
 		long userId = user.getUserId();
 
@@ -176,7 +179,13 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 
 		try {
 
-			List<GCubeGroup> listOfGroups = groupManager.listGroupsByUser(userId);
+			String gatewayHostname = GenericUtils.getGatewayClientHostname(getThreadLocalRequest());
+			//list of Scopes filtered for gateway
+			Set<GCubeGroup> filteredGroupsForGatw = groupManager.listGroupsByUserAndSite(userId, gatewayHostname);
+			
+			//List<GCubeGroup> listOfGroups = groupManager.listGroupsByUser(userId);
+			List<GCubeGroup> listOfGroups = new ArrayList<GCubeGroup>(filteredGroupsForGatw);
+			logger.info("list of VREs in the gateway "+gatewayHostname+" are "+listOfGroups.size());
 			for (GCubeGroup gCubeGroup : listOfGroups) {
 				GcubeScopeType scopeType=null;
 				if(groupManager.isVRE(gCubeGroup.getGroupId())){
@@ -189,16 +198,39 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 //				}
 
 				if(scopeType!=null){
-					GcubeScope gcubeVRE = new GcubeScope(gCubeGroup.getGroupName(), groupManager.getInfrastructureScope(gCubeGroup.getGroupId()), scopeType);
-					listOfScopes.add(gcubeVRE);
+					List<GatewayRolesThredds> roles = WsUtil.getThreddsRoleFor(user, gCubeGroup);
+					//Adding only the scope where the user has the (GatewayRolesThredds.THREDDS_ADMIN role
+					/*if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+						GcubeScope gcubeScope = new GcubeScope(gCubeGroup.getGroupName(), groupManager.getInfrastructureScope(gCubeGroup.getGroupId()), scopeType);
+						listOfScopes.add(gcubeScope);
+					}*/
+					
+					//Adding only the scope where the user has the THREDDS_ADMIN role
+					GcubeScope gcubeScope = availableScopeForRole(roles, gCubeGroup, groupManager, scopeType);
+					if(gcubeScope!=null) {
+						listOfScopes.add(gcubeScope);
+					}
 				}
-
+			}
+			
+			GCubeGroup theRootVO = groupManager.getRootVO();
+			List<GatewayRolesThredds> roles = WsUtil.getThreddsRoleFor(user, theRootVO);
+			//ADDING THE ROOT SCOPE
+			/*if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+				GcubeScope gcubeScope = new GcubeScope(theRootVO.getGroupName(), groupManager.getInfrastructureScope(theRootVO.getGroupId()), GcubeScopeType.ROOT);
+				listOfScopes.add(gcubeScope);
+			}*/
+			
+			///ADDING THE ROOT SCOPE if the user has the THREDDS_ADMIN role in the scope
+			GcubeScope gcubeScope = availableScopeForRole(roles, theRootVO, groupManager, GcubeScopeType.ROOT);
+			if(gcubeScope!=null) {
+				listOfScopes.add(gcubeScope);
 			}
 
 			//ADDING THE ROOT SCOPE
-			String infraName = PortalContext.getConfiguration().getInfrastructureName();
+			/*String infraName = PortalContext.getConfiguration().getInfrastructureName();
 			GcubeScope gcubeRoot = new GcubeScope(infraName, "/"+infraName, GcubeScopeType.ROOT);
-			listOfScopes.add(gcubeRoot);
+			listOfScopes.add(gcubeRoot)*/
 
 
 		}
@@ -207,15 +239,72 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 			logger.error("Error occurred server-side getting VRE folders: ", e);
 			throw new Exception("Sorry, an error occurred server-side getting VRE folders, try again later");
 		}
+		
+		if(listOfScopes.isEmpty()) {
+			throw new Exception("No scope detected with the needed role: "+GatewayRolesThredds.THREDDS_ADMIN.getRoleName()+". Contact the VRE manager or the portal administrator");
+		}
 
 		Collections.sort(listOfScopes);
 		logger.info("Returning list of VREs: "+listOfScopes);
 		return listOfScopes;
 	}
+	
+	
+	/**
+	 * Available scope for role and catalogue, checks if for the input scope:
+	 * - the user has the role {@link GatewayRolesThredds.#THREDDS_ADMIN}alid catalogue configured for thredds 
+	 * - the scope has an available thredds catalogue configured (by calling the service) 
+	 * 
+	 * @param roles the roles
+	 * @param scope the scope
+	 * @param groupManager the group manager
+	 * @param scopeType the scope type
+	 * @return the gcube scope {@link GcubeScope} if the two conditions (see description) are satisfied, null otherwise
+	 * @throws Exception the exception
+	 */
+	private GcubeScope availableScopeForRoleAndCatalogue(List<GatewayRolesThredds> roles, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
+		
+		if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+			try {
+				List<ThCatalogueBean> list = getAvailableCataloguesForScope(scope.getGroupName());
+				if(list!=null && list.size()>0) {
+					return new GcubeScope(scope.getGroupName(), groupManager.getInfrastructureScope(scope.getGroupId()), scopeType);
+				}
+			}catch (Exception e) {
+				logger.error("Error on checking available catalogue for scope: "+scope.getGroupName(), e);
+			}
+		}
+		return null;
+	}
+	
+	
+	/**
+	 * Available scope for role , checks if for the input scope the user has the role of {@link GatewayRolesThredds.#THREDDS_ADMIN}
+	 * 
+	 * @param roles the roles
+	 * @param scope the scope
+	 * @param groupManager the group manager
+	 * @param scopeType the scope type
+	 * @return the gcube scope {@link GcubeScope} if the user has the role of {@link GatewayRolesThredds.#THREDDS_ADMIN}, null otherwise
+	 * @throws Exception the exception
+	 */
+	private GcubeScope availableScopeForRole(List<GatewayRolesThredds> roles, GCubeGroup scope, GroupManager groupManager, GcubeScopeType scopeType) throws Exception {
+		
+		if(roles!=null && roles.size()>0 && roles.contains(GatewayRolesThredds.THREDDS_ADMIN)) {
+			return new GcubeScope(scope.getGroupName(), groupManager.getInfrastructureScope(scope.getGroupId()), scopeType);
+		}
+		return null;
+	}
 
 
-
-
+	/**
+	 * Checks if is item synched.
+	 *
+	 * @param folderId the folder id
+	 * @return the ws thredds synch folder descriptor
+	 * @throws WorkspaceFolderLocked the workspace folder locked
+	 * @throws Exception the exception
+	 */
 	/* (non-Javadoc)
 	 * @see org.gcube.portlets.widgets.wsthreddssync.client.rpc.ThreddsWorkspaceSyncService#isItemSynched(java.lang.String)
 	 */
@@ -271,6 +360,14 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 	}
 
 
+	/**
+	 * Monitor sync status.
+	 *
+	 * @param folderId the folder id
+	 * @return the th sync status
+	 * @throws ItemNotSynched the item not synched
+	 * @throws Exception the exception
+	 */
 	/* (non-Javadoc)
 	 * @see org.gcube.portlets.widgets.wsthreddssync.client.rpc.ThreddsWorkspaceSyncService#monitorSyncStatus(java.lang.String)
 	 */
@@ -287,7 +384,6 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
 	 * Do sync folder.
 	 *
 	 * @param folderId the folder id
-	 * @param clientConfig the th config
 	 * @return the th sync status
 	 * @throws Exception the exception
 	 */
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
index 2315ec7..26c7479 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
@@ -3,7 +3,15 @@
  */
 package org.gcube.portlets.widgets.wsthreddssync.server;
 
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 //import org.gcube.common.homelibrary.home.HomeLibrary;
 //import org.gcube.common.homelibrary.home.exceptions.HomeNotFoundException;
@@ -14,6 +22,17 @@ import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehubwrapper.server.StorageHubWrapper;
 import org.gcube.common.storagehubwrapper.server.tohl.Workspace;
+import org.gcube.portlets.widgets.ckandatapublisherwidget.server.utils.the;
+import org.gcube.portlets.widgets.wsthreddssync.shared.GatewayRolesThredds;
+import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
+import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
+import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
+import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
+import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
 //import org.gcube.portlets.user.workspace.server.util.WsUtil;
 import org.gcube.vomanagement.usermanagement.model.GCubeUser;
 import org.slf4j.Logger;
@@ -21,7 +40,6 @@ import org.slf4j.LoggerFactory;
 
 import com.liferay.portal.service.UserLocalServiceUtil;
 
-
 /**
  * The Class WsUtil.
  *
@@ -29,7 +47,10 @@ import com.liferay.portal.service.UserLocalServiceUtil;
  * Nov 25, 2016
  */
 public class WsUtil {
+	
+	
 
+	/** The logger. */
 	private static Logger logger = LoggerFactory.getLogger(WsUtil.class);
 
 
@@ -96,4 +117,70 @@ public class WsUtil {
 		}
 	}
 
+	/**
+	 * Gets the list of Scopes (Root-VO, VOs and VREs) for user and the thredds roles the user has in them.
+	 * retrieve the VREs to whom a given user 
+	 *
+	 * @param user the user
+	 * @return the list vre for user
+	 */
+	public static Map<String, List<GatewayRolesThredds>> getScopesThreddsRolesForUser(GCubeUser user){
+		logger.info("called getScopesThreddsRolesForUser user: "+user+", in all contexts");
+		
+		GroupManager groupManager = new LiferayGroupManager();
+		Map<String, List<GatewayRolesThredds>> mapRoleByGroupSingleVre = new HashMap<String, List<GatewayRolesThredds>>();
+		//GCubeUser user;
+		try {
+			
+			//Retrieving the list of VOs and VREs
+			List<GCubeGroup> listOfGroups = groupManager.listGroupsByUser(user.getUserId());
+			//adding also the ROOT-VO
+			listOfGroups.add(groupManager.getRootVO());
+			for (GCubeGroup gCubeGroup : listOfGroups) {
+				List<GatewayRolesThredds> threddsRoles = getThreddsRoleFor(user, gCubeGroup);
+				if(threddsRoles.size()>0) {
+					mapRoleByGroupSingleVre.put(gCubeGroup.getGroupName(), threddsRoles);
+				}
+			}
+			
+			logger.info("For user: "+user+", returning Map (VRE, ThreddsRoles)  " + mapRoleByGroupSingleVre);
+			return mapRoleByGroupSingleVre;
+		}catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault e) {
+			logger.error("An error occurred during geThreddsVreRolesForUser: "+user, e);
+			return null;
+		} 
+	}
+	
+
+	/**
+	 * Gets the thredds role for the user in the vre
+	 *
+	 * @param user the user
+	 * @param vre the vre
+	 * @return the thredds role for
+	 */
+	public static List<GatewayRolesThredds> getThreddsRoleFor(GCubeUser user, GCubeGroup vre){
+		logger.info("called getThreddsRoleFor user: "+user+", in the scope: "+vre.getGroupName());
+		try {
+			RoleManager roleManager = new LiferayRoleManager();
+			List<GCubeRole> roles = roleManager.listRolesByUserAndGroup(user.getUserId(), vre.getGroupId());
+			List<GatewayRolesThredds> threddsRoles = new ArrayList<GatewayRolesThredds>();
+			for (GCubeRole gCubeRole : roles) {
+				if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesThredds.THREDDS_ADMIN.getRoleName())){
+					threddsRoles.add(GatewayRolesThredds.THREDDS_ADMIN);
+				}
+				if(gCubeRole.getRoleName().equalsIgnoreCase(GatewayRolesThredds.THREDDS_PUBLISHER.getRoleName())){
+					threddsRoles.add(GatewayRolesThredds.THREDDS_PUBLISHER);
+				}
+			}
+			
+			logger.info("For user: "+user+" in the scope: "+vre.getGroupName()+" returning roles: " + threddsRoles);
+			return threddsRoles;
+		}catch (UserRetrievalFault | GroupRetrievalFault e) {
+			logger.error("An error occurred during getVreRoleForUser: "+user, e);
+			return null;
+		}
+	}
+	
+
 }
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/shared/GatewayRolesThredds.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/shared/GatewayRolesThredds.java
new file mode 100644
index 0000000..2fa7f1c
--- /dev/null
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/shared/GatewayRolesThredds.java
@@ -0,0 +1,18 @@
+package org.gcube.portlets.widgets.wsthreddssync.shared;
+
+ public enum GatewayRolesThredds {
+	
+	THREDDS_ADMIN("Thredds-Admin"),
+	THREDDS_PUBLISHER("Thredds-Publisher");
+		
+	private String name;
+	
+	private GatewayRolesThredds(String name) {
+		this.name = name;
+	}
+	
+	public String getRoleName() {
+		return this.name;
+	}
+
+}