diff --git a/src/main/java/org/genesys2/server/api/v1/PermissionController.java b/src/main/java/org/genesys2/server/api/v1/PermissionController.java
index b70ae118346d18bb2d0f9fe5985c52067e12e5ab..74a4c35e1f5130d0385a9b5c021acb1b7cd05263 100644
--- a/src/main/java/org/genesys2/server/api/v1/PermissionController.java
+++ b/src/main/java/org/genesys2/server/api/v1/PermissionController.java
@@ -34,6 +34,7 @@ import org.genesys.blocks.security.serialization.AclEntriesToPermissions;
 import org.genesys.blocks.security.serialization.SidPermissions;
 import org.genesys.blocks.security.service.CustomAclService;
 import org.genesys2.server.api.ApiBaseController;
+import org.genesys2.server.exception.NotFoundElement;
 import org.genesys2.server.model.UserRole;
 import org.genesys2.server.model.impl.User;
 import org.genesys2.server.service.UserService;
@@ -114,6 +115,9 @@ public class PermissionController {
 	@JsonView(JsonViews.Minimal.class)
 	public AclObjectIdentityExt permissions(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id) {
 		final AclObjectIdentity objectIdentity = aclService.getObjectIdentity(id, className);
+		if (objectIdentity == null) {
+			throw new NotFoundElement("No such ACL object");
+		}
 		return lazyLoadForJson(objectIdentity);
 	}
 
@@ -163,6 +167,10 @@ public class PermissionController {
 	@JsonView(JsonViews.Minimal.class)
 	public AclObjectIdentityExt permissions(@PathVariable(value = "aclObjectIdentityId") final long id) {
 		final AclObjectIdentity objectIdentity = aclService.getObjectIdentity(id);
+		if (objectIdentity == null) {
+			throw new NotFoundElement("No such ACL object");
+		}
+
 		return lazyLoadForJson(objectIdentity);
 	}