diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/AbstractDssServiceRpc.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/AbstractDssServiceRpc.java
index fa25a60342b586046f186f9c4af220f7e71d4004..c3ccf5fe0c5ca5c047b36107c40d71cda29c981b 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/AbstractDssServiceRpc.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/AbstractDssServiceRpc.java
@@ -18,9 +18,10 @@ package ch.systemsx.cisd.openbis.dss.generic.server;
 
 import java.io.File;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.log4j.Logger;
 
@@ -167,7 +168,7 @@ public abstract class AbstractDssServiceRpc<T> extends AbstractServiceWithLogger
     /**
      * Asserts that specified data sets are all accessible by the user of the specified session.
      */
-    protected void checkDatasetsAuthorization(String sessionToken, List<String> dataSetCodes)
+    protected void checkDatasetsAuthorization(String sessionToken, Set<String> dataSetCodes)
     {
         if (isSessionAuthorizedForDatasets(sessionToken, dataSetCodes) == false)
         {
@@ -185,7 +186,7 @@ public abstract class AbstractDssServiceRpc<T> extends AbstractServiceWithLogger
      * @param dataSetCodes The data set codes we want to check access for.
      * @return True if all the data sets are accessible, false if one or more are not accessible.
      */
-    protected boolean isSessionAuthorizedForDatasets(String sessionToken, List<String> dataSetCodes)
+    protected boolean isSessionAuthorizedForDatasets(String sessionToken, Set<String> dataSetCodes)
     {
         boolean access;
         if (operationLog.isInfoEnabled())
@@ -196,7 +197,7 @@ public abstract class AbstractDssServiceRpc<T> extends AbstractServiceWithLogger
 
         try
         {
-            openBISService.checkDataSetCollectionAccess(sessionToken, dataSetCodes);
+            openBISService.checkDataSetCollectionAccess(sessionToken, new ArrayList<String>(dataSetCodes));
             access = true;
         } catch (UserFailureException ex)
         {
@@ -231,7 +232,7 @@ public abstract class AbstractDssServiceRpc<T> extends AbstractServiceWithLogger
      * Return a map keyed by data set code with value root directory for that data set.
      */
     protected Map<String, File> checkAccessAndGetRootDirectories(String sessionToken,
-            List<String> dataSetCodes) throws IllegalArgumentException
+            Set<String> dataSetCodes) throws IllegalArgumentException
     {
         if (isSessionAuthorizedForDatasets(sessionToken, dataSetCodes) == false)
         {
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
index 5da73443427312030281020930e581a3e6ef4c48..758805d7d0c904f0eaa3f9d69e154a631fef9f26 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
@@ -643,6 +643,12 @@ public final class EncapsulatedOpenBISService implements IEncapsulatedOpenBISSer
         return service.tryGetDataSet(sToken, dataSetCode);
     }
 
+    synchronized public void checkInstanceAdminAuthorization(String sToken) throws UserFailureException
+    {
+        checkSessionToken();
+        service.checkInstanceAdminAuthorization(sToken);
+    }
+
     synchronized public void checkDataSetAccess(String sToken, String dataSetCode)
             throws UserFailureException
     {
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/IEncapsulatedOpenBISService.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/IEncapsulatedOpenBISService.java
index 2899ae5da66de61840757aa9709c965bb1e8e462..c5c50e161fd96158b92ec7f34d89095b778e0a5f 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/IEncapsulatedOpenBISService.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/shared/IEncapsulatedOpenBISService.java
@@ -61,6 +61,11 @@ public interface IEncapsulatedOpenBISService
      */
     public ExternalData tryGetDataSet(final String sessionToken, final String dataSetCode)
             throws UserFailureException;
+    
+    /**
+     * Checks if the current user has INSTANCE_ADMIN access rights.
+     */
+    public void checkInstanceAdminAuthorization(String sessionToken) throws UserFailureException;
 
     /**
      * Checks if the current user has access rights to a dataset with the specified data set code.