=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2014-03-27 06:38:37 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2014-03-27 11:19:51 +0000
@@ -116,6 +116,15 @@
 boolean canManage( User user, IdentifiableObject object );

 /**
+ * Can create
+ * @param user
+ * @param klass
+ * @param
+ * @return
+ */
+ boolean canCreate( User user, Class klass );
+
+ /**
 * Checks if a user can create a public instance of a certain object.
 *

* 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 10:17:13 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 11:19:51 +0000
@@ -205,6 +205,19 @@
 }

 @Override
+ public boolean canCreate( User user, Class klass )
+ {
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( !schema.isShareable() )
+ {
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
+ }
+
+ return canCreatePublic( user, klass ) || canCreatePrivate( user, klass );
+ }
+
+ @Override
 public boolean canCreatePublic( User user, Class klass )
 {
 Schema schema = schemaService.getSchema( klass );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 11:10:42 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 11:19:51 +0000
@@ -256,8 +256,7 @@
 @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
 public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
 {
- if ( !aclService.canCreatePublic( currentUserService.getCurrentUser(), getEntityClass() )
- && !aclService.canCreatePrivate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
 {
 throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
 }
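Review bot: The Javadoc added for `canCreate` in AclService.java is a placeholder: the summary is only "Can create", the `@param` and `@return` tags have no descriptions, and one `@param` has no name. Because this is an authorization entry point, the contract should be written down, for example `Checks whether the user may create an instance of the given class: the CREATE authority for non-shareable types, public or private create rights for shareable ones.` with `@return true if creation is allowed`. That wording is taken from the DefaultAclService implementation added in this same commit.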
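Review bot: In `canCreate` in DefaultAclService.java the result of `schemaService.getSchema( klass )` is dereferenced without a check, so if getSchema can return null for an unregistered class (not visible here) the caller gets a NullPointerException instead of a clean denial. An explicit `if ( schema == null ) { return false; }` before `schema.isShareable()` would keep the check fail-closed and intentional. The non-shareable branch also depends on `canAccess` and `getAuthorityByType`, both outside the hunk. Since this branch now decides creation for non-shareable types, please confirm that an empty CREATE authority list and a null `user` lead to denial rather than access.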
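Review bot: The guard in `postXmlObject`, and the identical one in `postJsonObject` in the next hunk, passes when the user holds either the public or the private create right, because `canCreate` ORs the two for shareable types. On its own it therefore does not stop a user who holds only the private right from posting an object whose payload asks for public access. The rest of both handlers is outside the hunks, so please confirm that the deserialized object's sharing settings are checked or reset before it is saved. As a style point, the same guard now appears in both endpoints and could move into one private helper so the two cannot drift apart.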
@@ -266,8 +265,7 @@
 @RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
 public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
 {
- if ( !aclService.canCreatePublic( currentUserService.getCurrentUser(), getEntityClass() )
- && !aclService.canCreatePrivate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
 {
 throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
 }